Description

This script is possibly vulnerable to HTTP Parameter Pollution attacks.

HPP attacks consist of injecting encoded query string delimiters into other existing parameters. If the web application does not properly sanitize the user input, a malicious user can compromise the logic of the application to perform either client-side or server-side attacks.

Remediation

The application should properly sanitize user input (URL-encode it) to protect against this vulnerability.
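The following added example (not part of the original advisory) shows the difference between concatenating a decoded parameter into a link and URL-encoding it first, plus a simple check for duplicated parameter names. The `/poll` path, the `action` and `poll_id` parameter names, and the sample value are assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qs, parse_qsl, quote, unquote, urlsplit

# Constructed sample: the value as it arrives on the wire. "%26" and "%3D"
# are the encoded forms of the query string delimiters "&" and "=".
RAW_POLL_ID = "42%26action%3Dedit"
# Web frameworks decode parameters before handing them to the application.
DECODED_POLL_ID = unquote(RAW_POLL_ID)  # "42&action=edit"


def build_link_unsafe(poll_id: str) -> str:
    """Vulnerable pattern: the decoded value is concatenated as-is, so any
    '&' or '=' inside it becomes a real delimiter in the new URL."""
    return "/poll?action=view&poll_id=" + poll_id


def build_link_safe(poll_id: str) -> str:
    """Remediation: URL-encode the value before embedding it. safe="" makes
    quote() encode every reserved character, including '&', '=' and '/'."""
    return "/poll?action=view&poll_id=" + quote(poll_id, safe="")


def params_seen_by_receiver(link: str) -> dict:
    """Parse the link the way the component that receives it would."""
    return parse_qs(urlsplit(link).query, keep_blank_values=True)


def duplicated_params(link: str) -> list:
    """Check usable in tests or request validation: names that occur more
    than once in a query string the application expected to be unambiguous."""
    pairs = parse_qsl(urlsplit(link).query, keep_blank_values=True)
    counts = Counter(name for name, _ in pairs)
    return sorted(name for name, n in counts.items() if n > 1)


if __name__ == "__main__":
    for build in (build_link_unsafe, build_link_safe):
        link = build(DECODED_POLL_ID)
        print(build.__name__, link)
        print("  parameters:", params_seen_by_receiver(link))
        print("  duplicated:", duplicated_params(link))
```
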
