Tag: owasp-top10
The use of untrusted inputs in a SQL database query can enable attackers to read, modify, or delete sensitive data in the database.
The phpinfo function may reveal sensitive information about your environment.
Improper Output Neutralization for Logs.
Unverified origins of messages and identities in cross-origin communications can lead to security vulnerabilities.
Relying on potentially untrusted user inputs when constructing web application outputs can lead to cross-site scripting vulnerabilities.
Creating file paths from untrusted input might give a malicious actor access to sensitive files.
OS command injection from untrusted input.
Uncovered an anonymous LDAP bind, posing a risk of unauthorized execution of LDAP statements. Strengthen LDAP security by enforcing authentication.
Functions require input validation and sanitization to prevent security risks from untrusted user data.
Executing assert with user-provided input is comparable to invoking dynamic code evaluations.
Weak file permissions can lead to privilege escalation.
The wp_ajax_priv_upload and wp_ajax_nopriv_upload hooks allow developers to define callbacks for authenticated and anonymous AJAX requests.
Connections that use insecure protocols transmit data in cleartext, which can leak sensitive information.
Redirecting to the current request URL might direct to another domain if the current path begins with two slashes.
Use of a broken or risky cryptographic algorithm identified as weak.
Sanitize user input before using it directly, to prevent PHP object injection vulnerabilities.
Avoid running dynamic commands to prevent command injection vulnerabilities.
Expanding unverified archive files without controlling the size of the expanded data can lead to zip bomb attacks.
Use of externally-controlled input in reflection.
Deserialization of untrusted data can lead to security vulnerabilities, such as inadvertently running remote code.
Using a static initialization vector (IV) for a cryptographic cipher is security-sensitive.
Modify the input validation check so that it guarantees the expected behavior for all inputs, rather than relying on an invalid assumption that causes errors.
Insecure cookies can lead to unencrypted transmission of sensitive data.
The software does not restrict, or incorrectly restricts, access to a resource from an unauthorized actor.