Test case 162730

Type: source code
State: bad
Author: Bertrand Stivalet and Aurelien Delaitre
Status: candidate
Language: PHP
Submission Date: 20 Oct 2015

Description

Unsafe sample
input : reads the field UserData from the variable $_GET
Uses an email_filter via filter_var function
construction : use of sprintf via a %s with simple quote

Flaws

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Test Suites

PHP Vulnerability Test Suite

Have any comments on this test case? Please, send us an email.