The cipher algorithm used to encrypt data is not strong. Using a weak cipher algorithm such as RC2, RC4, DES, MD5, etc. to encrypt sensitive data can leave it vulnerable to several attacks.
Cookies set without the secure flag can cause the user agent to send those cookies in plaintext over an HTTP session with the same server. This can be observed by an unauthorized person, leading to a man-in-the-middle attack.
Using system functions to execute commands can make the application vulnerable to arbitrary command execution if the user-supplied data is not escaped or sanitized properly before being passed to them.
Functions like escapeshellcmd exist and can be used to escape the command and shell arguments, but because these functions lack cross-operating-system compatibility, relying on them is discouraged.
Generating session IDs manually can allow an attacker to hijack another user's session. The application can become vulnerable if the session ID is not generated using a strong, secure pseudo-random generator, or if the session ID length is too short.
Therefore, generating session IDs manually is discouraged. Instead, always use a language-specific function like session_regenerate_id() to generate new session IDs.
The sha1() function is not recommended for generating secure password hashes. Because it is fast to compute, a password hashed with it is easy to crack using a brute-force attack.
It is recommended to use PHP's password hashing function password_hash() to create a secure password hash.
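The sha1() and password_hash() recommendation above, shown side by side as an added example that is not part of the original page. The function names are hypothetical, and the upgrade path assumes legacy records are stored as 40-character hexadecimal SHA-1 digests.

```php
<?php
declare(strict_types=1);

// Weak: unsalted SHA-1 costs an attacker one fast hash call per guess,
// and identical passwords always produce identical digests.
function legacy_hash(string $password): string
{
    return sha1($password);
}

// Hardened: password_hash() generates a random salt per call and uses a
// deliberately slow algorithm; the salt and cost are stored in the result.
function hash_password(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

// Verify a login attempt. Returns [bool $ok, ?string $newHash]; when
// $newHash is not null the caller should store it in place of the old value.
function verify_and_upgrade(string $password, string $stored): array
{
    // Assumption: a 40-character hex string is a legacy SHA-1 record.
    if (preg_match('/^[0-9a-f]{40}$/', $stored) === 1) {
        $ok = hash_equals($stored, sha1($password)); // constant-time compare
        return [$ok, $ok ? hash_password($password) : null];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Re-hash when the default algorithm or cost has changed since storage.
    $new = password_needs_rehash($stored, PASSWORD_DEFAULT)
        ? hash_password($password)
        : null;
    return [true, $new];
}

// Constructed sample input, not real data.
$password = 'correct horse battery staple';

// Same password hashed twice: compare the two SHA-1 digests, then the
// two password_hash() results.
var_dump(legacy_hash($password) === legacy_hash($password));
var_dump(hash_password($password) === hash_password($password));

// A legacy record is accepted once and upgraded to a password_hash() value.
[$ok, $upgraded] = verify_and_upgrade($password, legacy_hash($password));
var_dump($ok, $upgraded !== null && password_verify($password, $upgraded));
```

Upgrading at login time is the point at which the plaintext password is available, so existing SHA-1 records can be replaced gradually without forcing a reset.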