DeepSource
Dashboard Resources Pricing Discover Directory Log in

Run your first analysis.

Find thousands of code security and quality issues in your codebase, before they end up in production.

Start now

smalos / nubuilder_dev

Audit required: Sensitive cookie without secure attribute PHP-A1005
Security
Critical
6 occurrences in this check
a02 cwe-614 cwe-311 cwe-315 sans top 25 owasp top 10
Cookie set without "secure" flag
core/nuvendorlogin.php
54        $page = "libs/tinyfilemanager/tinyfilemanager.php";
55    }
56
57    setcookie("nu_".$appId, $_SESSION['nubuilder_session_data']['SESSION_ID']);58
59    return $page;
60}
Cookie set without "secure" flag
core/nupmalogin.php
53        $page							= "nupmalogout.php?$time=$time";
54        setcookie("nupmalogin", "bad");
55        setcookie("nuConfigDBHost", null);
56        setcookie("nuConfigDBUser", null);57        setcookie("nuConfigDBPassword", null);
58        return $page;
59    }
Cookie set without "secure" flag
core/nupmalogin.php
54        setcookie("nupmalogin", "bad");
55        setcookie("nuConfigDBHost", null);
56        setcookie("nuConfigDBUser", null);
57        setcookie("nuConfigDBPassword", null);58        return $page;
59    }
Cookie set without "secure" flag
core/nupmalogin.php
42        setcookie("nuConfigDBPassword", $_SESSION['nubuilder_session_data']['DB_PASSWORD']);
43
44        if ($_SESSION['nubuilder_session_data']['DB_PASSWORD'] == '') {
45            setcookie("nuConfigDBPasswordBlank", 'BLANK');46        }
47        return $page;
48    }
Cookie set without "secure" flag
core/nupmalogin.php
39        setcookie("nupmalogin", "good");
40        setcookie("nuConfigDBHost", $_SESSION['nubuilder_session_data']['DB_HOST']);
41        setcookie("nuConfigDBUser", $_SESSION['nubuilder_session_data']['DB_USER']);
42        setcookie("nuConfigDBPassword", $_SESSION['nubuilder_session_data']['DB_PASSWORD']);43
44        if ($_SESSION['nubuilder_session_data']['DB_PASSWORD'] == '') {
45            setcookie("nuConfigDBPasswordBlank", 'BLANK');
Cookie set without "secure" flag
core/nupmalogin.php
38        $page = "libs/nudb/db_structure.php?server=1&db=".$_SESSION['nubuilder_session_data']['DB_NAME']."&$time=$time";
39        setcookie("nupmalogin", "good");
40        setcookie("nuConfigDBHost", $_SESSION['nubuilder_session_data']['DB_HOST']);
41        setcookie("nuConfigDBUser", $_SESSION['nubuilder_session_data']['DB_USER']);42        setcookie("nuConfigDBPassword", $_SESSION['nubuilder_session_data']['DB_PASSWORD']);
43
44        if ($_SESSION['nubuilder_session_data']['DB_PASSWORD'] == '') {