veracode scanning CI

#1
Presently my company signed up with this guy and scanned the code project which I have developed based on CI 2.2.x
(I know CI 3.1.4 has been out a while, but I am still migrating to it now as I have a lot of changes to suit 3.1.4), and the vulnerabilities
were

[Image: severity-4.png]

Code:
    // line 250
    include(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().'.php');

and this is in system/core/CodeIgniter.php

And the stated flaw is that it is subject to a remote file inclusion vulnerability!


I am kinda wondering if we have any defense for this, and if someone knows, please advise!

Many thanks

#2
It's a false-positive.

#3
(05-30-2017, 03:53 PM)Narf Wrote: It's a false-positive.

thanks Narf
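The flagged line builds an include() path from two router values, so whether it is exploitable depends on what those values are allowed to contain. The following is an added example, not part of the original posts and not CodeIgniter's own code: it shows the kind of constraint that makes such an include safe, using plain-name validation plus a realpath() containment check. resolve_controller() and the sample directory tree are hypothetical, and the directory value is assumed to carry a trailing slash as in the flagged line.

```php
<?php
// Added example, not CodeIgniter code. resolve_controller() and the
// sample tree below are hypothetical.

/**
 * Build a controller path from request-derived names and return it only
 * if it is an existing file inside $controllersDir; otherwise null.
 */
function resolve_controller(string $controllersDir, string $directory, string $class): ?string
{
    // Plain names only: no ':' or '/' (URL schemes), no '.' (parent
    // references), no NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_]+\z/', $class)) {
        return null;
    }
    if ($directory !== '' && !preg_match('#\A(?:[A-Za-z0-9_]+/)+\z#', $directory)) {
        return null;
    }
    $base = realpath($controllersDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks and returns false for missing files.
    $path = realpath($base . DIRECTORY_SEPARATOR . $directory . $class . '.php');
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample tree so the script runs offline.
$root = sys_get_temp_dir() . '/ci_demo_' . getmypid();
mkdir($root . '/controllers/admin', 0700, true);
file_put_contents($root . '/controllers/welcome.php', "<?php\n");
file_put_contents($root . '/controllers/admin/users.php', "<?php\n");

$cases = [
    ['', 'welcome'],                  // accepted
    ['admin/', 'users'],              // accepted
    ['', '../../config/database'],    // rejected: not a plain name
    ['', 'http://example.invalid/x'], // rejected: not a plain name
    ['admin/', 'missing'],            // rejected: no such file
];
foreach ($cases as [$dir, $class]) {
    $path = resolve_controller($root . '/controllers', $dir, $class);
    printf("%-8s %-28s %s\n", $dir, $class, $path === null ? 'rejected' : 'include ' . $path);
}
```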

