Back to Codebase

Vulnerability Analysis Report

Journal 3 Premium Theme v3.0.4.1

Scan ID: SCAN-JOURNAL-3-7o2hSl • Hash: 9ae5f16b

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.768s

Vulnerability Details

L1485

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1485
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($selfParent !== null, 'at-root blocks must have a selfParent set.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1529

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1529
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->rootBlock !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1906

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1906
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1935

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1935
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block->selectors !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3249

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3249
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($for instanceof ForBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6749

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6749
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_string($arg[0][1]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6905

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6905
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($originalRestArgumentName !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L7342

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:7342
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L300

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:300
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($out !== false);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L343

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:343
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->currentBlock->sourceLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L361

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:361
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->currentBlock->sourceName !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L806

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:806
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($if instanceof IfBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1080

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1080
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($include));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L164

Dynamic Code Execution in IntegrationTestCase.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Test/IntegrationTestCase.php:164
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- ], $match[2] ? eval($match[2].';') : []);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L9

Dynamic Code Execution in database.php

CWE-94
File Location: upload/install/controller/startup/database.php:9
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval($line);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L768

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:768
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1504

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1504
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1850

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1850
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($child[1] instanceof NestedPropertyBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3131

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3131
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block instanceof CallableBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3183

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3183
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($if instanceof IfBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3236

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3236
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($while instanceof WhileBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6774

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6774
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_string($name));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L10121

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:10121
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($selectorsMap));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L168

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:168
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(! empty($block->selectors));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L360

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:360
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->currentBlock->sourceLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1071

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1071
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1161

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1161
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1713

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1713
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2259

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:2259
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L151

Dynamic Code Execution in SourceMapGenerator.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/SourceMap/SourceMapGenerator.php:151
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($file !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L223

Dynamic Code Execution in IntegrationTestCase.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Test/IntegrationTestCase.php:223
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $output = trim($template->render(eval($match[1].';')), "\n ");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L561

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:561
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L575

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:575
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($sourceMapGenerator !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1317

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1317
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($media instanceof MediaBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1809

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1809
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope->parent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1872

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1872
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope->parent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1940

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1940
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3201

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3201
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($each instanceof EachBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L7447

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:7447
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L344

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:344
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->currentBlock->sourceName !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L74

Dynamic Code Execution in Crunched.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter/Crunched.php:74
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(! empty($block->selectors));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L61

Dynamic Code Execution in Expanded.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter/Expanded.php:61
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($replacedLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L72

Dynamic Code Execution in Nested.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter/Nested.php:72
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($replacedLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1092

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1092
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1196

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1196
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1697

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1697
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1744

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1744
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2255

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:2255
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value) || $value instanceof Number);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2288

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:2288
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($nextValue) || $nextValue instanceof Number);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L360

Dynamic Code Execution in Environment.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Environment.php:360
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval('?>'.$content);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L15

Dynamic Code Execution in developer.php

CWE-94
File Location: upload/admin/controller/common/developer.php:15
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval($eval);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L850

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:850
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block->parent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1323

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1323
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1462

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1462
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block instanceof AtRootBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1497

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1497
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1534

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1534
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($scope->parent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1738

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1738
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block instanceof DirectiveBlock || $block instanceof OutputBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1814

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1814
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1831

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1831
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block instanceof NestedPropertyBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1958

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1958
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block->selfParent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2014

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:2014
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3159

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3159
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($selectors !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3310

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3310
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($mixin instanceof CallableBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3950

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3950
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($kebabCaseName !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L5053

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:5053
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($env->block instanceof MediaBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6451

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6451
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($parsedPrototypes));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6926

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6926
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($default !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L70

Dynamic Code Execution in Compressed.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter/Compressed.php:70
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(! empty($block->selectors));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L299

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:299
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L233

Dynamic Code Execution in SourceMapGenerator.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/SourceMap/SourceMapGenerator.php:233
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($jsonSourceMap !== false);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L152

Dynamic Code Execution in IntegrationTestCase.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Test/IntegrationTestCase.php:152
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval('$ret = '.$condition.';');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L27

Potential SQL Injection in DownloadTest.php

CWE-89
File Location: tests/phpunit/opencart/catalog/model/account/DownloadTest.php:27
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("INSERT INTO " . DB_PREFIX . "download_description SET download_id = $downloadId, language_id = 1, `name` = ''");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L229

Potential SQL Injection in OrderTest.php

CWE-89
File Location: tests/phpunit/opencart/catalog/model/account/OrderTest.php:229
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("INSERT INTO `" . DB_PREFIX . "order_history` SET order_id = $orderId, order_status_id = 1, notify = 1, comment = '', date_added = '1970-01-01 00:00:00'");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L145

Potential SQL Injection in filter.php

CWE-89
File Location: upload/admin/model/catalog/filter.php:145
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L189

Potential SQL Injection in google.php

CWE-89
File Location: upload/admin/model/extension/advertise/google.php:189
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->db->query($sql)->row;
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L195

Potential SQL Injection in google.php

CWE-89
File Location: upload/admin/model/extension/advertise/google.php:195
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->db->query($sql)->num_rows > 0;
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L353

Potential SQL Injection in google.php

CWE-89
File Location: upload/admin/model/extension/advertise/google.php:353
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L466

Potential SQL Injection in google.php

CWE-89
File Location: upload/admin/model/extension/advertise/google.php:466
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $product_info = $this->db->query($sql)->row;
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L19

Potential SQL Injection in chart.php

CWE-89
File Location: upload/admin/model/extension/dashboard/chart.php:19
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query("SELECT COUNT(*) AS total, HOUR(date_added) AS hour FROM `" . DB_PREFIX . "order` WHERE order_status_id IN(" . implode(",", $implode) . ") AND DATE(date_added) = DATE(NOW()) GROUP BY HOUR(date_added) ORDER BY date_added ASC");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L57

Potential SQL Injection in google_base.php

CWE-89
File Location: upload/admin/model/extension/feed/google_base.php:57
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L34

Potential SQL Injection in coupon.php

CWE-89
File Location: upload/admin/model/extension/report/coupon.php:34
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L290

Potential SQL Injection in sale.php

CWE-89
File Location: upload/admin/model/extension/report/sale.php:290
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L55

Potential SQL Injection in location.php

CWE-89
File Location: upload/admin/model/localisation/location.php:55
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L65

Potential SQL Injection in return_reason.php

CWE-89
File Location: upload/admin/model/localisation/return_reason.php:65
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L34

Potential SQL Injection in online.php

CWE-89
File Location: upload/admin/model/report/online.php:34
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L77

Potential SQL Injection in api.php

CWE-89
File Location: upload/admin/model/user/api.php:77
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L250

Potential SQL Injection in product.php

CWE-89
File Location: upload/catalog/model/catalog/product.php:250
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L133

Potential SQL Injection in google.php

CWE-89
File Location: upload/catalog/model/extension/advertise/google.php:133
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $result = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L557

Potential SQL Injection in amazon_login_pay.php

CWE-89
File Location: upload/catalog/model/extension/payment/amazon_login_pay.php:557
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->db->query($sql)->num_rows > 0;
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L584

Potential SQL Injection in amazon_login_pay.php

CWE-89
File Location: upload/catalog/model/extension/payment/amazon_login_pay.php:584
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->db->query($sql)->num_rows > 0;
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L103

Potential SQL Injection in opayo.php

CWE-89
File Location: upload/catalog/model/extension/payment/opayo.php:103
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("DELETE FROM `" . DB_PREFIX . "opayo_order` WHERE `order_id` = '" . $vendor_tx_code . "'");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L398

Potential SQL Injection in squareup.php

CWE-89
File Location: upload/catalog/model/extension/payment/squareup.php:398
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("DELETE FROM `" . DB_PREFIX . "setting` WHERE `code`='payment_squareup' AND `key`='" . $key . "'");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L31

Potential SQL Injection in voucher_theme.php

CWE-89
File Location: upload/catalog/model/extension/total/voucher_theme.php:31
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L27

Potential SQL Injection in return_reason.php

CWE-89
File Location: upload/catalog/model/localisation/return_reason.php:27
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L172

Potential SQL Injection in 1004.php

CWE-89
File Location: upload/install/model/upgrade/1004.php:172
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("INSERT INTO `" . DB_PREFIX . "setting` SET store_id = '" . $result['store_id'] . "', `code` = '" . $result['code'] . "', `key` = '" . ($result['code'] . '_status') . "', value = 1");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L143

Potential SQL Injection in googleshopping.php

CWE-89
File Location: upload/system/library/googleshopping/googleshopping.php:143
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L544

Potential SQL Injection in googleshopping.php

CWE-89
File Location: upload/system/library/googleshopping/googleshopping.php:544
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->db->query($sql)->rows;
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L867

Potential SQL Injection in googleshopping.php

CWE-89
File Location: upload/system/library/googleshopping/googleshopping.php:867
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L47

Potential SQL Injection in ProductTest.php

CWE-89
File Location: tests/phpunit/opencart/catalog/model/catalog/ProductTest.php:47
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("UPDATE " . DB_PREFIX . "product SET date_available = '" . $product['date_available'] . "' WHERE product_id = 28");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L135

Potential SQL Injection in custom_field.php

CWE-89
File Location: upload/admin/model/customer/custom_field.php:135
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");