Code_Injection @ /ReturnSevered1.bas

[cx-boris-goman]

Checkmarx (SAST): Code_Injection
Security Issue: Read More about Code_Injection
Checkmarx Project: cx-boris-goman/borJavaVul
Repository URL: https://github.com/cx-boris-goman/borJavaVul
Branch: main
Scan ID: df63710a-c9c2-4406-9ad7-319bd05458a4

---

The application's dailypassword method receives and dynamically executes user-controlled code using execute, at line 29 of /ReturnSevered1.bas. This could enable an attacker to inject and run arbitrary code.

The attacker can inject the executed code via user input, inputbox, which is retrieved by the application in the dailypassword method, at line 22 of /ReturnSevered1.bas.

Result 1:
Severity: CRITICAL
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. inputbox: /ReturnSevered1.bas[22,6]
    2. t: /ReturnSevered1.bas[22,2]
    3. t: /ReturnSevered1.bas[29,14]
    4. execute: /ReturnSevered1.bas[29,5]
    Review result in Checkmarx One: Code_Injection

Result 2:
Severity: CRITICAL
State: TO_VERIFY
Status: RECURRENT
Attack Vector:

    1. inputbox: /ReturnSevered1.bas[22,6]
    2. t: /ReturnSevered1.bas[22,2]
    3. t: /ReturnSevered1.bas[26,17]
    4. execute: /ReturnSevered1.bas[26,8]
    Review result in Checkmarx One: Code_Injection