-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path29.json
25 lines (25 loc) · 1.17 KB
/
29.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
{
"file_path": "security_data/gpt3_security_vulnerability_scanner-main/File Inclusion/lfi1.php",
"vulnerability": "Vulnerabilities detected: 1.Path Traversal :The code uses the include() function with $_GET['page'] directly as the parameter. This function includes and executes a specified PHP file. Because there is no apparent validation or sanitization of the page GET parameter, an attacker could manipulate this parameter to include files they shouldn't have access to, such as system files, configuration files, or other sensitive files.\n",
"source code": "<?php include(\"../common/header.php\"); ?>\n\n<form action=\"/api/index.php\" method=\"GET\">\n <input type=\"text\" name=\"page\">\n</form>\n\n<?php\ninclude($_GET[\"page\"]);\n?>\n",
"language": "php",
"cwe_identifier": [
"CWE-22"
],
"pattern_desc": [
"Path Traversal"
],
"line_number": [
8
],
"line_text": [
"include($_GET[\"page\"]);"
],
"pattern_id": [
"PHP-R-021"
],
"rule": [
"\\b(?:include|require)\\s*\\(\\s*\\$_(GET|POST|REQUEST|COOKIE|SESSION)\\s*\\[\\s*['\"](?:[^'\"]*)['\"]\\s*\\]"
],
"label": 0
}