PHP

By DeepSource

Audit required: Use of an insecure cipher (PHP-A1007)
Security

The cipher algorithm used to encrypt data is not strong. Using a weak algorithm such as RC2, RC4, DES, MD5, etc. to encrypt sensitive data can leave that data vulnerable to several attacks.

Audit required: Function may be vulnerable to arbitrary command execution (PHP-A1009)
Security

Using the `exec`, `passthru`, `shell_exec`, or `system` functions to execute a command can make the application vulnerable to arbitrary command execution if user-supplied data is not escaped or sanitized properly before being passed to them.

Functions such as `escapeshellarg` and `escapeshellcmd` exist and can be used to escape the command and its shell arguments, but because these functions lack cross-operating-system compatibility, relying on them is discouraged.