SupportSnyk LearnAPI referenceProduct updatesSign up for free
Edit

PHP

No. & Rule Name
CWE(s)
OWASP Top 10/SANS 25

(1) Use of Hardcoded Credentials

(798) Use of Hard-coded Credentials

OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures

(259) Use of Hard-coded Password

SANS/CWE Top 25

(2) Use of Password Hash With Insufficient Computational Effort

(916) Use of Password Hash With Insufficient Computational Effort

OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

(3) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

(614) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

(4) Hardcoded Secret

(547) Use of Hard-coded, Security-relevant Constants

OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

(5) Command Injection

(78) Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

OWASP Top Ten 2021 Category A03:2021 - Injection

SANS/CWE Top 25

(6) Cross-site Scripting (XSS)

(79) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

OWASP Top Ten 2021 Category A03:2021 - Injection

SANS/CWE Top 25

(7) Server-Side Request Forgery (SSRF)

(918) Server-Side Request Forgery (SSRF)

OWASP Top Ten 2021 Category A10:2021 - Server-Side Request Forgery (SSRF)

SANS/CWE Top 25

(8) Open Redirect

(601) URL Redirection to Untrusted Site ('Open Redirect')

OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

(9) SQL Injection

(89) Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

OWASP Top Ten 2021 Category A03:2021 - Injection

SANS/CWE Top 25

(10) XML External Entity (XXE) Injection

(611) Improper Restriction of XML External Entity Reference

OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

SANS/CWE Top 25

(11) Inadequate Encryption Strength

(326) Inadequate Encryption Strength

OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

(12) Use of Insufficiently Random Values

(330) Use of Insufficiently Random Values

OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

(13) Sensitive Cookie Without 'HttpOnly' Flag

(1004) Sensitive Cookie Without 'HttpOnly' Flag

OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

(14) Deserialization of Untrusted Data

(502) Deserialization of Untrusted Data

OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures

SANS/CWE Top 25

(15) Code Injection

(94) Improper Control of Generation of Code ('Code Injection')

OWASP Top Ten 2021 Category A03:2021 - Injection

(16) Information Exposure

(200) Exposure of Sensitive Information to an Unauthorized Actor

OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

SANS/CWE Top 25

(17) Path Traversal

(23) Relative Path Traversal

OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

(18) XPath Injection

(643) Improper Neutralization of Data within XPath Expressions ('XPath Injection')

OWASP Top Ten 2021 Category A03:2021 - Injection

(19) Arbitrary File Write via Archive Extraction (Zip Slip)

(22) Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

SANS/CWE Top 25

(20) Origin Validation Error

(942) Permissive Cross-domain Policy with Untrusted Domains

OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration

(346) Origin Validation Error

OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures

(21) Cross-Site Request Forgery (CSRF)

(352) Cross-Site Request Forgery (CSRF)

OWASP Top Ten 2021 Category A01:2021 - Broken Access Control

SANS/CWE Top 25

(22) Improper Restriction of Rendered UI Layers or Frames

(1021) Improper Restriction of Rendered UI Layers or Frames

OWASP Top Ten 2021 Category A04:2021 - Insecure Design

(23) Allocation of Resources Without Limits or Throttling

(770) Allocation of Resources Without Limits or Throttling

(24) Weak Password Recovery Mechanism for Forgotten Password

(640) Weak Password Recovery Mechanism for Forgotten Password

OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures

(25) Regular Expression Denial of Service (ReDoS)

(400) Uncontrolled Resource Consumption

(26) Inadequate Padding for Public Key Encryption

(326) Inadequate Encryption Strength

OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures

(27) File Inclusion

(98) Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

OWASP Top Ten 2021 Category A03:2021 - Injection

PreviousJavaScript & TypeScriptNextPython

Last updated

Was this helpful?

#4580: CLI: help, Ignore - support ticket 49463-add Iac examples

Change request updated