1.2.1304. Unvalidated Data Cached In Session

Data is cached in the $_SESSION variable and later reused. When that data is not validated before being stored, it may later be used in an injection, because every consumer of the cached value trusts it as if it had already been checked.

<?php

session_start();

// Raw request input is cached in the session without any validation
$_SESSION['a'] = $_GET['a'];

// Elsewhere in the code, the cached value is reused as if it were trusted
function foo() {
    echo $_SESSION["a"];
}

?>

1.2.1304.1. Suggestions

  • Validate data before storing in the SESSION
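As an added illustration of this suggestion (not code from the Exakat documentation), the same pattern with validation applied at the point where the value enters the session; the function names, the page-size setting and its allowlist are assumptions:

```php
<?php
// Added example: validate at the boundary so that every later reader of the
// session can rely on the cached value. Names below are assumed for illustration.

session_start();

// Accepted values, decided once at the point of storage.
const ALLOWED_PAGE_SIZES = [10, 25, 50, 100];

function store_page_size(array $query): void
{
    // filter_var() returns false when the value is not an integer
    $size = filter_var($query['page_size'] ?? null, FILTER_VALIDATE_INT);
    if ($size === false || !in_array($size, ALLOWED_PAGE_SIZES, true)) {
        // Unknown or malformed input: cache a safe default, not the client's value
        $size = 25;
    }
    $_SESSION['page_size'] = $size;
}

// Any consumer across the code base now receives an integer from the allowlist,
// since the session key is only ever written by store_page_size().
// Output encoding is still applied as defense in depth.
function render_page_size(): string
{
    $size = (string) ($_SESSION['page_size'] ?? 25);
    return 'Showing ' . htmlspecialchars($size, ENT_QUOTES, 'UTF-8') . ' rows';
}

// Constructed inputs standing in for $_GET on two different requests.
store_page_size(['page_size' => '50']);
echo render_page_size(), PHP_EOL;

store_page_size(['page_size' => '<script>alert(1)</script>']);
echo render_page_size(), PHP_EOL;
```

The second request shows the difference from the original snippet: the rejected value never reaches the session, so a consumer such as foo() cannot be handed unvalidated data on a later request.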

1.2.1304.2. Specs

Short name

Security/SessionCachedData

Rulesets

All, Changed Behavior, Security

Exakat since

2.5.2

Severity

Minor

Time To Fix

Quick (30 mins)

Precision

Medium

Available in

Enterprise Edition, Exakat Cloud