1.2.1304. Unvalidated Data Cached In Session
Data is cached in the $_SESSION variable and reused later. When the data is not validated before it is stored, it may later be used to perform an injection at the point where it is read back.
<?php
// Raw request data is stored in the session without validation
$_SESSION['a'] = $_GET['a'];

// Elsewhere in the code, the cached value is reused
function foo() {
    echo $_SESSION["a"];
}
?>
1.2.1304.1. Suggestions
Validate data before storing it in $_SESSION
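
One way to apply this suggestion, as an added example that is not part of the Exakat documentation: the value is checked against an allowlist before it reaches the session, and it is still encoded where it is echoed. The helper names `cache_in_session()` and `render_cached()`, the allowlist pattern, and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Store a request value in the session only if it matches an allowlist.
 * Returns true when the value was stored, false when it was rejected.
 * (Hypothetical helper, not an Exakat or PHP built-in.)
 */
function cache_in_session(array &$session, array $request, string $key): bool
{
    $value = $request[$key] ?? null;

    // Reject arrays (?a[]=x) and anything that is not a short token.
    if (!is_string($value) || preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $value) !== 1) {
        unset($session[$key]); // do not keep a stale or tainted value
        return false;
    }

    $session[$key] = $value;
    return true;
}

/**
 * Read the cached value back. Output encoding is still applied at the sink,
 * so a value written to the session by another, unvalidated path is escaped.
 * (Hypothetical helper.)
 */
function render_cached(array $session, string $key): string
{
    $value = (string) ($session[$key] ?? '');
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample requests standing in for $_GET; $session stands in for $_SESSION.
$session = [];
$samples = [
    ['a' => 'dark-mode'],   // accepted: matches the allowlist
    ['a' => '<i>x</i>'],    // rejected: contains markup characters
    ['a' => ['nested']],    // rejected: not a string
];

foreach ($samples as $request) {
    $stored = cache_in_session($session, $request, 'a');
    printf("%-8s cached=%s\n", $stored ? 'stored' : 'rejected',
        var_export(render_cached($session, 'a'), true));
}
```

In an application, call `session_start()` first and pass `$_SESSION` and `$_GET` in place of the constructed arrays.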
1.2.1304.2. Specs
Short name | Security/SessionCachedData
Rulesets |
Exakat since | 2.5.2
Severity | Minor
Time To Fix | Quick (30 mins)
Precision | Medium
Available in |