File tampering

Description

This script is possibly vulnerable to file tampering.

The scanner detected that user input is written to a file on the server. This alert requires user confirmation, as it may be a false positive: the outcome depends on which file gets written and how (or if) user input is sanitized before being written to it. Make sure that user input is not written to a file that is interpreted by the web server (for example a PHP file), and check whether this file is located inside the application directory.

Remediation

Please make sure that user input is properly sanitized before being written to the file.
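
One way to confirm the alert and enforce the remediation, as an added example that is not part of the original advisory: triage_write_target reports whether a write target has an interpreted extension, is a server configuration file, or resolves inside the application directory, and safe_write refuses any target with a finding. The function names, the extension and configuration-file lists, and the sample paths are assumptions chosen for illustration.

```python
import os
import re

# Assumed lists; adjust to what the web server in question actually interprets.
INTERPRETED_EXTENSIONS = {".php", ".phtml", ".phar", ".jsp", ".asp", ".aspx", ".cgi", ".pl"}
SERVER_CONFIG_NAMES = {".htaccess", ".user.ini", "web.config"}
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")  # allow-list for caller-supplied names


def triage_write_target(target_path, web_root):
    """Return the reasons a file that receives user input needs attention."""
    findings = []
    # Resolve symlinks and ".." so traversal cannot hide the real location.
    real_target = os.path.realpath(target_path)
    real_root = os.path.realpath(web_root)
    name = os.path.basename(real_target).lower()
    # Inspect every dot-separated suffix: with some handler configurations
    # "notes.php.txt" is still passed to the interpreter.
    suffixes = {"." + part for part in name.split(".")[1:]}
    if suffixes & INTERPRETED_EXTENSIONS:
        findings.append("interpreted-extension")
    if name in SERVER_CONFIG_NAMES:
        findings.append("server-config-file")
    if os.path.commonpath([real_target, real_root]) == real_root:
        findings.append("inside-application-directory")
    return findings


def safe_write(data_dir, web_root, name, user_text):
    """Write user text to <data_dir>/<name>.txt, refusing risky targets."""
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("file name not in allow-list")
    target = os.path.join(data_dir, name + ".txt")
    findings = triage_write_target(target, web_root)
    if findings:
        raise ValueError("refusing write: " + ", ".join(findings))
    with open(target, "w", encoding="utf-8") as handle:
        handle.write(user_text)
    return target


if __name__ == "__main__":
    # Constructed sample paths, not taken from a real scan.
    for path in ("/var/www/app/cache/settings.php", "/var/www/app/.htaccess",
                 "/srv/appdata/../../var/www/app/log.txt", "/srv/appdata/guestbook.txt"):
        print(path, "->", triage_write_target(path, "/var/www/app") or "no findings")
```

A target with no findings can still matter if another component later includes or parses the file, so the content itself should still be sanitized for whatever reads it.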

Severity
Classification
Tags
  • Abuse Of Functionality