File tampering

Description

This script is possibly vulnerable to file tampering.

The scanner detected that user input gets written to a file from the server. This alert requires user confirmation. It may be a false positive. It depends on the file that gets written and how/if user input is santitized before being written to this file. Please make sure that user input is not written to a file that gets interpreted by the web server (for example a PHP file) and check if this file is located inside the application directory.

ShareShare on FacebookTweet about this on TwitterShare on Google+

Impact
This vulnerability allows attackers to tamper with the content of particular files from the web server.

Recommendation
Please make sure that user input is properly sanitized before being written to the file.