
CX Improper_Resource_Access_Authorization @ root/register.jsp [master] #47

@CxYair

Improper_Resource_Access_Authorization issue exists @ root/register.jsp in branch master

An I/O action occurs at root\register.jsp at line 29 without authorization checks.

Severity: Low

CWE:285

Checkmarx

Training
Recommended Fix

Lines: 59 60 29 30


Code (Line #59):

				stmt.execute("UPDATE Users SET currentbasketid = " + basketId + " WHERE userid = " + userid);

Code (Line #60):

				stmt.execute("UPDATE Baskets SET userid = " + userid + " WHERE basketid = " + basketId);

Code (Line #29):

			stmt.executeQuery("INSERT INTO Users (name, type, password) VALUES ('" + username + "', 'USER', '" + password1 + "')");

Code (Line #30):

			rs = stmt.executeQuery("SELECT * FROM Users WHERE (name = '" + username + "' AND password = '" + password1 + "')");
