CX SQL_Injection @ admin/report-cancelmonthly.php [master]

[cxronen]

SQL_Injection issue exists @ admin/report-cancelmonthly.php in branch master

Method <?php at line 1 of admin\report-cancelmonthly.php gets user input from the _REQUEST element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in a database query in method <?php at line 1 of admin\report-cancelmonthly.php. This may enable an SQL Injection attack.

Severity: High

CWE:89

Checkmarx

Lines: 24 25

---

Code (Line #24):

		$orderbywhat = isset($_REQUEST["orderbywhat"])?$_REQUEST["orderbywhat"]:" ";

---

Code (Line #25):

		$direction = isset($_REQUEST["direction"])?$_REQUEST["direction"]:" ";

---

[cxronen]

Issue still exists.

[cxronen]

Issue still exists.

[cxronen]

Issue still exists.

[cxronen]

Issue still exists.

[cxronen]

Issue still exists.

[cxronen]

Issue still exists.

[cxronen]

Issue still exists.

[cxronen]

Issue still exists.