Update README.md by kmcdon83 · Pull Request #2 · Custodela/Riches.NET

kmcdon83 · 2025-01-24T15:45:36Z

No description provided.

kmcdon83 · 2025-01-24T15:48:02Z

Checkmarx One – Scan Summary & Details – eafa572c-2291-430c-b7c4-c1bd5b2de8b1

New Issues (351)

Checkmarx found the following issues in this Pull Request

Issue	Source File / Package	Checkmarx Insight
CVE-2010-1870	Maven-org.apache.struts:struts2-core-2.0.11	Vulnerable Package
CVE-2010-1870	Maven-com.opensymphony:xwork-2.0.4	Vulnerable Package
CVE-2012-0391	Maven-com.opensymphony:xwork-2.0.4	Vulnerable Package
CVE-2012-0391	Maven-org.apache.struts:struts2-core-2.0.11	Vulnerable Package
CVE-2012-0392	Maven-org.apache.struts:struts2-core-2.0.11	Vulnerable Package
CVE-2012-0838	Maven-com.opensymphony:xwork-2.0.4	Vulnerable Package
CVE-2012-0838	Maven-org.apache.struts:struts2-core-2.0.11	Vulnerable Package
CVE-2013-1965	Maven-com.opensymphony:xwork-2.0.4	Vulnerable Package
CVE-2013-1965	Maven-org.apache.struts:struts2-core-2.0.11	Vulnerable Package
CVE-2013-2134	Maven-org.apache.struts:struts2-core-2.0.11	Vulnerable Package
CVE-2013-2135	Maven-org.apache.struts:struts2-core-2.0.11	Vulnerable Package
CVE-2013-2251	Maven-org.apache.struts:struts2-core-2.0.11	Vulnerable Package
CVE-2013-4316	Maven-org.apache.struts:struts2-core-2.0.11	Vulnerable Package
CVE-2015-4852	Maven-commons-collections:commons-collections-3.1	Vulnerable Package
CVE-2015-7501	Maven-commons-collections:commons-collections-3.1	Vulnerable Package
CVE-2016-1000027	Maven-org.springframework:spring-web-2.0.5	Vulnerable Package
CVE-2016-1000031	Maven-commons-fileupload:commons-fileupload-1.2.1	Vulnerable Package
CVE-2016-1000031	Maven-commons-fileupload:commons-fileupload-1.1.1	Vulnerable Package
CVE-2016-2170	Maven-commons-collections:commons-collections-3.1	Vulnerable Package
CVE-2016-3082	Maven-org.apache.struts:struts2-core-2.0.11	Vulnerable Package
CVE-2016-4436	Maven-org.apache.struts:struts2-core-2.0.11	Vulnerable Package
CVE-2016-5018	Maven-tomcat:jasper-runtime-5.0.28	Vulnerable Package
CVE-2017-12611	Maven-org.apache.struts:struts2-core-2.0.11	Vulnerable Package
CVE-2017-5638	Maven-org.apache.struts:struts2-core-2.0.11	Vulnerable Package
CVE-2019-0230	Maven-org.apache.struts:struts2-core-2.0.11	Vulnerable Package
CVE-2019-17571	Maven-log4j:log4j-1.2.9	Vulnerable Package
CVE-2020-10683	Maven-dom4j:dom4j-1.4	Vulnerable Package
CVE-2020-17530	Maven-org.apache.struts:struts2-core-2.0.11	Vulnerable Package
CVE-2022-22965	Maven-org.springframework:spring-beans-2.0.5	Vulnerable Package
CVE-2022-23305	Maven-log4j:log4j-1.2.9	Vulnerable Package
CVE-2022-41853	Maven-org.hsqldb:hsqldb-2.3.2	Vulnerable Package
CVE-2023-50164	Maven-org.apache.struts:struts2-core-2.0.11	Vulnerable Package
CVE-2024-53677	Maven-org.apache.struts:struts2-core-2.0.11	Vulnerable Package
Command_Injection	/riches.java/riches/pages/common/hidden_AdminControl.jsp: 74	details The application's hidden_AdminControl method calls an OS (shell) command with exec, at line 95 of /riches.java/riches/pages/common/hidden_AdminCont... Attack Vector
Command_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendMessage.java: 60	details The application's sendMail method calls an OS (shell) command with exec, at line 83 of /riches.java/riches/WEB-INF/src/java/com/fortify/samples/ric... Attack Vector
Command_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendMessage.java: 60	details The application's sendMail method calls an OS (shell) command with exec, at line 83 of /riches.java/riches/WEB-INF/src/java/com/fortify/samples/ric... Attack Vector
Command_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendMessage.java: 60	details The application's sendMail method calls an OS (shell) command with exec, at line 83 of /riches.java/riches/WEB-INF/src/java/com/fortify/samples/ric... Attack Vector
Command_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendMessage.java: 60	details The application's sendMail method calls an OS (shell) command with exec, at line 83 of /riches.java/riches/WEB-INF/src/java/com/fortify/samples/ric... Attack Vector
Command_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendMessage.java: 52	details The application's sendMail method calls an OS (shell) command with exec, at line 83 of /riches.java/riches/WEB-INF/src/java/com/fortify/samples/ric... Attack Vector
Command_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendMessage.java: 52	details The application's sendMail method calls an OS (shell) command with exec, at line 83 of /riches.java/riches/WEB-INF/src/java/com/fortify/samples/ric... Attack Vector
Command_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendMessage.java: 52	details The application's sendMail method calls an OS (shell) command with exec, at line 83 of /riches.java/riches/WEB-INF/src/java/com/fortify/samples/ric... Attack Vector
Command_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendMessage.java: 52	details The application's sendMail method calls an OS (shell) command with exec, at line 83 of /riches.java/riches/WEB-INF/src/java/com/fortify/samples/ric... Attack Vector
Command_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendNewsletter.java: 47	details The application's sendMail method calls an OS (shell) command with exec, at line 61 of /riches.java/riches/WEB-INF/src/java/com/fortify/samples/ric... Attack Vector
Command_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendNewsletter.java: 47	details The application's sendMail method calls an OS (shell) command with exec, at line 61 of /riches.java/riches/WEB-INF/src/java/com/fortify/samples/ric... Attack Vector
Command_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendNewsletter.java: 39	details The application's sendMail method calls an OS (shell) command with exec, at line 61 of /riches.java/riches/WEB-INF/src/java/com/fortify/samples/ric... Attack Vector
Command_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/oper/SendNewsletter.java: 39	details The application's sendMail method calls an OS (shell) command with exec, at line 61 of /riches.java/riches/WEB-INF/src/java/com/fortify/samples/ric... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 65	details The application's GetTransactionData method executes an SQL query with Fill, at line 85 of /riches.net/RichesDotnet/App_Code/Components/Transaction... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 57	details The application's GetTransactionData method executes an SQL query with Fill, at line 85 of /riches.net/RichesDotnet/App_Code/Components/Transaction... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/Users/AdminControlPage.aspx.cs: 96	details The application's GetTransactionData method executes an SQL query with Fill, at line 85 of /riches.net/RichesDotnet/App_Code/Components/Transaction... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 74	details The application's GetTransactionData method executes an SQL query with Fill, at line 85 of /riches.net/RichesDotnet/App_Code/Components/Transaction... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 74	details The application's GetTransactionData method executes an SQL query with Fill, at line 85 of /riches.net/RichesDotnet/App_Code/Components/Transaction... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/Users/AccountDetails.aspx.cs: 25	details The application's GetTransactionData method executes an SQL query with Fill, at line 85 of /riches.net/RichesDotnet/App_Code/Components/Transaction... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 74	details The application's GetTransactionData method executes an SQL query with Fill, at line 85 of /riches.net/RichesDotnet/App_Code/Components/Transaction... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 48	details The application's GetAccountDataForUser method executes an SQL query with Fill, at line 41 of /riches.net/RichesDotnet/App_Code/Components/AccountD... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 40	details The application's GetAccountDataForUser method executes an SQL query with Fill, at line 41 of /riches.net/RichesDotnet/App_Code/Components/AccountD... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/Anonymous/FindLocations.aspx.cs: 58	details The application's FindAtmLocationByAddress method executes an SQL query with Fill, at line 43 of /riches.net/RichesDotnet/App_Code/Components/Locat... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/Anonymous/FindLocations.aspx.cs: 58	details The application's FindAtmLocationByAddress method executes an SQL query with Fill, at line 43 of /riches.net/RichesDotnet/App_Code/Components/Locat... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/Anonymous/FindLocations.aspx.cs: 58	details The application's FindAtmLocationByAddress method executes an SQL query with Fill, at line 43 of /riches.net/RichesDotnet/App_Code/Components/Locat... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 164	details The application's updateBalance method executes an SQL query with ExecuteNonQuery, at line 109 of /riches.net/RichesDotnet/App_Code/Components/Acco... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 141	details The application's updateBalance method executes an SQL query with ExecuteNonQuery, at line 109 of /riches.net/RichesDotnet/App_Code/Components/Acco... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 118	details The application's updateBalance method executes an SQL query with ExecuteNonQuery, at line 109 of /riches.net/RichesDotnet/App_Code/Components/Acco... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/Users/Transfer.aspx.cs: 30	details The application's updateBalance method executes an SQL query with ExecuteNonQuery, at line 109 of /riches.net/RichesDotnet/App_Code/Components/Acco... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/Users/Transfer.aspx.cs: 29	details The application's updateBalance method executes an SQL query with ExecuteNonQuery, at line 109 of /riches.net/RichesDotnet/App_Code/Components/Acco... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/Anonymous/FindLocations.aspx.cs: 49	details The application's FindAtmByZip method executes an SQL query with Fill, at line 31 of /riches.net/RichesDotnet/App_Code/Components/LocationDB.cs. Th... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/Anonymous/FindLocations.aspx.cs: 20	details The application's FindAtmByZip method executes an SQL query with Fill, at line 31 of /riches.net/RichesDotnet/App_Code/Components/LocationDB.cs. Th... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 164	details The application's getBalance method executes an SQL query with ExecuteReader, at line 87 of /riches.net/RichesDotnet/App_Code/Components/AccountDB.... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 141	details The application's getBalance method executes an SQL query with ExecuteReader, at line 87 of /riches.net/RichesDotnet/App_Code/Components/AccountDB.... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/App_Code/Restful/RestfulServices.cs: 118	details The application's getBalance method executes an SQL query with ExecuteReader, at line 87 of /riches.net/RichesDotnet/App_Code/Components/AccountDB.... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/Users/Transfer.aspx.cs: 30	details The application's getBalance method executes an SQL query with ExecuteReader, at line 87 of /riches.net/RichesDotnet/App_Code/Components/AccountDB.... Attack Vector
SQL_Injection	/riches.net/RichesDotnet/Users/Transfer.aspx.cs: 29	details The application's getBalance method executes an SQL query with ExecuteReader, at line 87 of /riches.net/RichesDotnet/App_Code/Components/AccountDB.... Attack Vector
SQL_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/AccountDetails.java: 58	details The application's getTransactionsDebug method executes an SQL query with list, at line 63 of /riches.java/riches/WEB-INF/src/java/com/fortify/sampl... Attack Vector
SQL_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/AccountDetails.java: 58	details The application's getTransactions method executes an SQL query with list, at line 44 of /riches.java/riches/WEB-INF/src/java/com/fortify/samples/ri... Attack Vector
SQL_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/FindLocations.java: 50	details The application's findByZip method executes an SQL query with executeQuery, at line 111 of /riches.java/riches/WEB-INF/src/java/com/fortify/samples... Attack Vector
SQL_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/FindLocations.java: 28	details The application's findAtmByZip method executes an SQL query with list, at line 70 of /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riche... Attack Vector
SQL_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/Messages.java: 20	details The application's getMessage method executes an SQL query with list, at line 138 of /riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches... Attack Vector
SQL_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/FindLocations.java: 32	details The application's findAtmByAddress method executes an SQL query with executeQuery, at line 139 of /riches.java/riches/WEB-INF/src/java/com/fortify/... Attack Vector
SQL_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/FindLocations.java: 32	details The application's findAtmByAddress method executes an SQL query with executeQuery, at line 139 of /riches.java/riches/WEB-INF/src/java/com/fortify/... Attack Vector
SQL_Injection	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/FindLocations.java: 32	details The application's findAtmByAddress method executes an SQL query with executeQuery, at line 139 of /riches.java/riches/WEB-INF/src/java/com/fortify/... Attack Vector
Second_Order_SQL_Injection	/riches.net/RichesDotnet/App_Code/Components/AccountDB.cs: 66	details The application's updateBalance method executes an SQL query with ExecuteNonQuery, at line 109 of /riches.net/RichesDotnet/App_Code/Components/Acco... Attack Vector
Second_Order_SQL_Injection	/riches.net/RichesDotnet/App_Code/Components/AccountDB.cs: 66	details The application's getCcn method executes an SQL query with ExecuteReader, at line 119 of /riches.net/RichesDotnet/App_Code/Components/AccountDB.cs.... Attack Vector
Second_Order_SQL_Injection	/riches.net/RichesDotnet/App_Code/Components/AccountDB.cs: 66	details The application's getBalance method executes an SQL query with ExecuteReader, at line 87 of /riches.net/RichesDotnet/App_Code/Components/AccountDB.... Attack Vector
Stored_XSS	/riches.net/RichesDotnet/App_Code/Components/ProfileDB.cs: 46	details The method Page_Load embeds untrusted data in generated output with Text, at line 14 of /riches.net/RichesDotnet/Users/UsersMaster.master.cs. This ... Attack Vector
Stored_XSS	/riches.net/RichesDotnet/App_Code/Components/ProfileDB.cs: 46	details The method Page_Load embeds untrusted data in generated output with Text, at line 14 of /riches.net/RichesDotnet/Admin/AdminMaster.master.cs. This ... Attack Vector
Stored_XSS	/riches.net/RichesDotnet/Users/ViewMessage.aspx: 30	details The method Checkmarx_Container embeds untrusted data in generated output with Write, at line 1 of /riches.net/RichesDotnet/Users/ViewMessage.aspx. ... Attack Vector
Stored_XSS	/riches.java/riches/WEB-INF/src/java/com/fortify/samples/riches/model/TransactionService.java: 168	details The method GetTransactions embeds untrusted data in generated output with GetTransactionsXML, at line 118 of /riches.java/riches/WEB-INF/src/java/c... Attack Vector
Stored_XSS	/riches.java/riches/pages/FilesViewer.jsp: 13	details The method FilesViewer embeds untrusted data in generated output with println, at line 15 of /riches.java/riches/pages/FilesViewer.jsp. This untrus... Attack Vector
Stored_XSS	/riches.java/riches/pages/Backup.jsp: 11	details The method Backup embeds untrusted data in generated output with print, at line 12 of /riches.java/riches/pages/Backup.jsp. This untrusted data is ... Attack Vector
CVE-2006-1546	Maven-struts:struts-1.1	Vulnerable Package
CVE-2006-1547	Maven-struts:struts-1.1	Vulnerable Package
CVE-2011-2730	Maven-org.springframework:spring-web-2.0.5	Vulnerable Package
CVE-2012-1592	Maven-org.apache.struts:struts2-core-2.0.11	Vulnerable Package
CVE-2013-2186	Maven-commons-fileupload:commons-fileupload-1.2.1	Vulnerable Package
CVE-2013-2186	Maven-commons-fileupload:commons-fileupload-1.1.1	Vulnerable Package

More results are available on the CxOne platform

Update README.md

5970c8f

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update README.md#2

Update README.md#2
kmcdon83 wants to merge 1 commit intomasterfrom
kmcdon83-patch-2

kmcdon83 commented Jan 24, 2025

Uh oh!

kmcdon83 commented Jan 24, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

kmcdon83 commented Jan 24, 2025

Uh oh!

kmcdon83 commented Jan 24, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant