2022-wikiseo-semgrep-r-php-phpcs-security-audit.txt
mmartorana (manfredi martorana)
Actions

Authored By

	mmartorana
	Mar 30 2022, 9:21 AM

Size

1 KB

Referenced Files

None

Subscribers

None

2022-wikiseo-semgrep-r-php-phpcs-security-audit.txt
View Options


	[36m[22m[24m includes/Generator/AbstractBaseGenerator.php [0m
	[1m[24mphp.lang.security.weak-crypto.weak-crypto[0m
	Detected usage of weak crypto function. Consider using stronger alternatives.
	Details: https://sg.run/KlBn

	130┆ [1m[24m$cacheHash =[0m
	131┆ [1m[24m'?version=' . md5( $file->getTimestamp() . $file->getWidth() . $file->getHeight() );[0m


	[36m[22m[24m includes/WikiSEO.php [0m
	[1m[24mphp.lang.security.unserialize-use.unserialize-use[0m
	Calling `unserialize()` with user input in the pattern can lead to arbitrary code execution.
	Consider using JSON or structured data approaches (e.g. Google Protocol Buffers).
	Details: https://sg.run/b24E

	258┆ $valueUnserialized = [1m[24munserialize( $value, [ 'allowed_classes' => false ] );[0m
	⋮┆----------------------------------------
	288┆ $value = [1m[24munserialize( $prop, [ 'allowed_classes' => false ] );[0m


	[36m[22m[24m maintenance/GenerateDescription.php [0m
	[1m[24mphp.lang.security.file-inclusion.file-inclusion[0m
	Detected non-constant file inclusion. This can lead to local file inclusion (LFI) or remote
	file inclusion (RFI) if user input reaches this statement. LFI and RFI could lead to
	sensitive files being obtained by attackers. Instead, explicitly specify what to include. If
	that is not a viable solution, validate user input thoroughly.
	Details: https://sg.run/Ge56

	10┆ [1m[24mrequire_once "$IP/maintenance/Maintenance.php";[0m
	⋮┆----------------------------------------
	94┆ [1m[24mrequire_once RUN_MAINTENANCE_IF_MAIN;[0m

Mime Type: text/plain
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 9388122
Default Alt Text: 2022-wikiseo-semgrep-r-php-phpcs-security-audit.txt (1 KB)