+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: General (https://forum.codeigniter.com/forumdisplay.php?fid=1)
+--- Forum: Lounge (https://forum.codeigniter.com/forumdisplay.php?fid=3)
+--- Thread: veracode scanning CI (/showthread.php?tid=68134)
veracode scanning CI - ciadvantage - 05-30-2017
Presently my company signed up with this guy and scan to code project which I have developed based on CI 2.2.x
( I knew CI 3.1.4 is out a while but still migrating to it now as I have lot of changes to suit 3.1.4) and the vulnerables
were
![[Image: severity-4.png]](https://analysiscenter.veracode.com/images/severity/severity-4.png){kind=small}
250
Code:
250
include(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().'.php');and this is inĀ system/core/CodeIgniter.php
And the stated flaw is it is subject to remote file inclusion vulnerability!
I am kinda wonderouse if we have any defense for this and if someone knows please advise!
Many thanks
RE: veracode scanning CI - Narf - 05-30-2017
It's a false-positive.
RE: veracode scanning CI - ciadvantage - 05-31-2017
(05-30-2017, 02:53 PM)Narf Wrote: It's a false-positive.
thanks Narf