PHP

Available solutions

  1. Asymmetric denial of service
  2. Symmetric denial of service
  3. Remote command execution
  4. Cross-site request forgery
  5. Reflected cross-site scripting (XSS)
  6. Stored cross-site scripting (XSS)
  7. Insecure functionality
  8. Insecure authentication method - Basic
  9. Insecure encryption algorithm - SSL/TLS
  10. Sensitive information sent insecurely
  11. Administrative credentials stored in cache memory
  12. XPath injection
  13. Use of an insecure channel
  14. User enumeration
  15. Insecure file upload
  16. Inadequate file size control
  17. Sensitive information sent via URL parameters
  18. Spoofing
  19. Password change without identity check
  20. Insecure generation of random numbers
  21. ViewState not encrypted
  22. Technical information leak
  23. Business information leak
  24. Insecurely generated cookies
  25. HTML code injection
  26. Cracked weak credentials
  27. Insecure encryption algorithm
  28. Sensitive information stored in logs
  29. Remote File Inclusion
  30. Concurrent sessions
  31. Lack of data validation - Path Traversal
  32. Improper resource allocation
  33. Insecure session expiration time
  34. Weak CAPTCHA
  35. Insecurely generated token
  36. Business information leak - Customers or providers
  37. Privacy violation
  38. Lack of data validation - Trust boundary violation
  39. Log injection
  40. Insecure encryption algorithm - Anonymous cipher suites
  41. Hidden fields manipulation
  42. Insecure encryption algorithm - Cipher Block Chaining
  43. Data uniqueness not properly verified
  44. Insecure deserialization
  45. External control of file name or path
  46. Email uniqueness not properly verified
  47. NoSQL injection
  48. LDAP injection
  49. Improper control of interaction frequency
  50. Out-of-bounds read
  51. Improper type assignation
  52. Security controls bypass or absence
  53. HTTP parameter pollution
  54. Email flooding
  55. Local file inclusion
  56. Race condition
  57. Directory listing
  58. Lack of data validation - Type confusion
  59. Insecurely generated cookies - HttpOnly
  60. Insecurely generated cookies - SameSite
  61. Insecure or unset HTTP headers - Strict Transport Security
  62. Insecure or unset HTTP headers - X-Content-Type-Options
  63. Insecure or unset HTTP headers - Cache Control
  64. Inappropriate coding practices
  65. Lack of data validation - URL
  66. Sensitive information in source code - API Key
  67. Inappropriate coding practices - Eval function
  68. Inappropriate coding practices - Cyclomatic complexity
  69. SQL injection
  70. Use of an insecure channel - useSslProtocol()
  71. Insecure or unset HTTP headers - Accept
  72. Time-based SQL Injection
  73. SQL Injection - Headers
  74. Uncontrolled external site redirect
  75. Excessive privileges - Temporary Files
  76. Insecure service configuration
  77. Insecure service configuration - Backdoor
  78. Debugging enabled in production
  79. Lack of data validation - Web Service
  80. Lack of data validation - Source Code
  81. Lack of data validation - Content Spoofing
  82. Lack of data validation - Session Cookie
  83. Lack of data validation - Responses
  84. Lack of data validation - Reflected Parameters
  85. Lack of data validation - Host Header Injection
  86. Lack of data validation - Input Length
  87. Lack of data validation - Headers
  88. Lack of data validation - Dates
  89. Lack of data validation - Numbers
  90. Lack of data validation - Out of range
  91. Lack of data validation - Emails
  92. Unauthorized access to files
  93. Asymmetric denial of service - ReDoS
  94. Business information leak - Credit Cards
  95. Business information leak - Users
  96. Message flooding
  97. Technical information leak - Headers
  98. Technical information leak - Print Functions
  99. Authentication mechanism absence or evasion - OTP
  100. Authentication mechanism absence or evasion - Admin Console
  101. Non-encrypted confidential information - LDAP
  102. Automatic information enumeration - Credit Cards
  103. Insecure encryption algorithm - DSA
  104. Insecure encryption algorithm - SHA1
  105. Insecure encryption algorithm - TripleDES
  106. Insecure functionality - File Creation
  107. Insecure functionality - Password management
  108. Insecure functionality - Masking
  109. Insecure functionality - Fingerprint
  110. Restricted fields manipulation
  111. Insecure exceptions - NullPointerException
  112. Session Fixation
  113. Insecure encryption algorithm - ECB
  114. Automatic information enumeration - Personal Information
  115. Non-encrypted confidential information - Base 64
  116. Insecure object reference - Personal information
  117. Insecure object reference - Financial information
  118. Technical information leak - Logs
  119. Technical information leak - IPs
  120. Business information leak - Financial Information
  121. Insecure session management - Change Password
  122. SQL injection - Code
  123. Authentication mechanism absence or evasion - Redirect
  124. Insecure functionality - Session management
  125. Security controls bypass or absence - Data creation
  126. Insecure object reference - Files
  127. Insecure object reference - Data
  128. Enabled default configuration
  129. Improper resource allocation - Memory leak
  130. Lack of data validation - HTML code
  131. XML injection (XXE) - Unmarshaller
  132. Sensitive information in source code - Dependencies
  133. Insufficient data authenticity validation - Images
  134. Insecure object reference - Session management
  135. Insecure or unset HTTP headers - Content-Type
  136. Lack of protection against brute force attacks - Credentials
  137. User Enumeration - Wordpress
  138. Use of insecure channel - Source code
  139. Insecure service configuration - Request Validation
  140. Lack of data validation - Special Characters
  141. Lack of data validation - OTP
  142. Insecure service configuration - BREACH Attack
  143. Lack of data validation - Non Sanitized Variables
  144. Security controls bypass or absence - Session Invalidation
  145. Automatic information enumeration - Corporate information
  146. Insecure file upload - Files Limit
  147. Insufficient data authenticity validation - Checksum verification
  148. Symmetric denial of service - SMTP
  149. Sensitive information in source code - Credentials
  150. Technical information leak - Content response
  151. Insecure object reference - User deletion
  152. DOM-Based cross-site scripting (XSS)
  153. Use of an insecure channel - HTTP
  154. Non-encrypted confidential information - Hexadecimal
  155. Insufficient data authenticity validation - Front bypass
  156. Insecure service configuration - Object Reutilization
  157. Insecure generation of random numbers - Static IV
  158. Security controls absence - Monitoring
  159. OS Command Injection
  160. Insecure service configuration - Header Checking
  161. Account Takeover
  162. Password reset poisoning
  163. Insecure encryption algorithm - Insecure Elliptic Curve
  164. Server side template injection
  165. Inappropriate coding practices - invalid file
  166. Use of software with known vulnerabilities in environments
  167. Security controls bypass or absence - Fingerprint