Welcome Guest, Not a member yet? Register   Sign In
veracode scanning CI
#1

Presently my company signed up with this guy and scan to code project which I have developed based on CI 2.2.x
( I knew CI 3.1.4 is out a while but still migrating to it now as I have lot of changes to suit 3.1.4) and the vulnerables
were

[Image: severity-4.png]

250

Code:
    250
include(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().'.php');

and this is inĀ system/core/CodeIgniter.php

And the stated flaw is it is subject to remote file inclusion vulnerability!


I am kinda wonderouse if we have any defense for this and if someone knows please advise!

Many thanks
Reply
#2

It's a false-positive.
Reply
#3

(05-30-2017, 02:53 PM)Narf Wrote: It's a false-positive.

thanks Narf
Reply




Theme © iAndrew 2016 - Forum software by © MyBB