Description
Checkmarx (SAST): Parameter_Tampering
Security Issue: Read More about Parameter_Tampering
Checkmarx Project: AsafOrgTesting/FlowListenerPublicRepo
Repository URL: https://github.com/AsafOrgTesting/FlowListenerPublicRepo
Branch: main
Scan ID: 2e34543b-886d-4d6e-a92b-ab98a7cee728
Method CxMethod_Vb6_encode_d95407b7 at line 65 of /encode.frm gets user input from the element text. This input is later concatenated by the application directly into a string variable containing SQL commands, without being validated. This string is then used in method CxMethod_Vb6_encode_d95407b7 to query the database via open, at line 82 of /encode.frm, without any additional filtering by the database. This could allow the user to tamper with the filter parameter.
Result #1:
Severity: MEDIUM
State: TO_VERIFY
Status: NEW
Attack Vector:
1. text: /encode.frm[65,9]
2. p: /encode.frm[65,1]
3. p: /encode.frm[78,23]
4. append: /encode.frm[78,15]
5. parameters: /encode.frm[78,4]
6. cmd: /encode.frm[78,1]
7. cmd: /encode.frm[82,9]
8. open: /encode.frm[82,3]
Review result in Checkmarx One: Parameter_Tampering