Back to Codebase

Vulnerability Analysis Report

Journal 3 Premium Theme v2.0.0.0

Scan ID: SCAN-JOURNAL-3-nh6Qg3 • Hash: 9843a745

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.841s

Vulnerability Details

L65

Dynamic Code Execution in index.php

CWE-94
File Location: upload/install/index.php:65
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval($line);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L27

Potential SQL Injection in DownloadTest.php

CWE-89
File Location: tests/phpunit/opencart/catalog/model/account/DownloadTest.php:27
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("INSERT INTO " . DB_PREFIX . "download_description SET download_id = $downloadId, language_id = 1, `name` = ''");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L98

Potential SQL Injection in banner.php

CWE-89
File Location: upload/admin/model/design/banner.php:98
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L61

Potential SQL Injection in country.php

CWE-89
File Location: upload/admin/model/localisation/country.php:61
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L53

Potential SQL Injection in location.php

CWE-89
File Location: upload/admin/model/localisation/location.php:53
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L63

Potential SQL Injection in stock_status.php

CWE-89
File Location: upload/admin/model/localisation/stock_status.php:63
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L74

Potential SQL Injection in tax_rate.php

CWE-89
File Location: upload/admin/model/localisation/tax_rate.php:74
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L68

Potential SQL Injection in weight_class.php

CWE-89
File Location: upload/admin/model/localisation/weight_class.php:68
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L385

Potential SQL Injection in amazon.php

CWE-89
File Location: upload/admin/model/openbay/amazon.php:385
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $rows = $this->db->query($query)->rows;
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L450

Potential SQL Injection in ebay.php

CWE-89
File Location: upload/admin/model/openbay/ebay.php:450
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $cat_qry = $this->db->query("SELECT * FROM `" . DB_PREFIX . "ebay_category` WHERE `CategoryParentID` = '" . $parent . "'");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L484

Potential SQL Injection in ebay.php

CWE-89
File Location: upload/admin/model/openbay/ebay.php:484
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $qry = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L56

Potential SQL Injection in coupon.php

CWE-89
File Location: upload/admin/model/report/coupon.php:56
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L202

Potential SQL Injection in customer.php

CWE-89
File Location: upload/admin/model/report/customer.php:202
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L290

Potential SQL Injection in customer.php

CWE-89
File Location: upload/admin/model/report/customer.php:290
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L312

Potential SQL Injection in customer.php

CWE-89
File Location: upload/admin/model/report/customer.php:312
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L386

Potential SQL Injection in customer.php

CWE-89
File Location: upload/admin/model/report/customer.php:386
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L64

Potential SQL Injection in product.php

CWE-89
File Location: upload/admin/model/report/product.php:64
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L369

Potential SQL Injection in sale.php

CWE-89
File Location: upload/admin/model/report/sale.php:369
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L361

Potential SQL Injection in order.php

CWE-89
File Location: upload/admin/model/sale/order.php:361
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query("SELECT COUNT(*) AS total FROM `" . DB_PREFIX . "order` WHERE " . implode(" OR ", $implode) . "");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L144

Potential SQL Injection in return.php

CWE-89
File Location: upload/admin/model/sale/return.php:144
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L42

Potential SQL Injection in manufacturer.php

CWE-89
File Location: upload/catalog/model/catalog/manufacturer.php:42
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L63

Potential SQL Injection in return_reason.php

CWE-89
File Location: upload/catalog/model/localisation/return_reason.php:63
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L165

Potential SQL Injection in upgrade.php

CWE-89
File Location: upload/install/model/upgrade.php:165
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("ALTER TABLE `" . $table['name'] . "` ENGINE = `" . $table['option']['ENGINE'] . "`");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L260

Potential SQL Injection in upgrade.php

CWE-89
File Location: upload/install/model/upgrade.php:260
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("ALTER TABLE `" . $table['name'] . "` ADD PRIMARY KEY(" . implode(',', $primary_data) . ")");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L272

Potential SQL Injection in upgrade.php

CWE-89
File Location: upload/install/model/upgrade.php:272
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("ALTER TABLE `" . $table['name'] . "` ADD INDEX (" . implode(',', $index_data) . ")");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L28

Potential SQL Injection in DownloadTest.php

CWE-89
File Location: tests/phpunit/opencart/catalog/model/account/DownloadTest.php:28
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("INSERT INTO " . DB_PREFIX . "product_to_download SET product_id = 1, download_id = $downloadId");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L229

Potential SQL Injection in OrderTest.php

CWE-89
File Location: tests/phpunit/opencart/catalog/model/account/OrderTest.php:229
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("INSERT INTO `" . DB_PREFIX . "order_history` SET order_id = $orderId, order_status_id = 1, notify = 1, comment = '', date_added = '1970-01-01 00:00:00'");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L113

Potential SQL Injection in filter.php

CWE-89
File Location: upload/admin/model/catalog/filter.php:113
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L128

Potential SQL Injection in information.php

CWE-89
File Location: upload/admin/model/catalog/information.php:128
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L309

Potential SQL Injection in language.php

CWE-89
File Location: upload/admin/model/localisation/language.php:309
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L63

Potential SQL Injection in order_status.php

CWE-89
File Location: upload/admin/model/localisation/order_status.php:63
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L633

Potential SQL Injection in ebay.php

CWE-89
File Location: upload/admin/model/openbay/ebay.php:633
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $res = $this->db->query("SELECT `used` FROM `" . DB_PREFIX . "ebay_category_history` WHERE `CategoryID` = '" . $original_id . "' LIMIT 1");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L150

Potential SQL Injection in customer.php

CWE-89
File Location: upload/admin/model/report/customer.php:150
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L50

Potential SQL Injection in marketing.php

CWE-89
File Location: upload/admin/model/report/marketing.php:50
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L96

Potential SQL Injection in return.php

CWE-89
File Location: upload/admin/model/report/return.php:96
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L171

Potential SQL Injection in sale.php

CWE-89
File Location: upload/admin/model/report/sale.php:171
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L313

Potential SQL Injection in sale.php

CWE-89
File Location: upload/admin/model/report/sale.php:313
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L133

Potential SQL Injection in custom_field.php

CWE-89
File Location: upload/admin/model/sale/custom_field.php:133
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L150

Potential SQL Injection in customer.php

CWE-89
File Location: upload/admin/model/sale/customer.php:150
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L30

Potential SQL Injection in recurring.php

CWE-89
File Location: upload/admin/model/sale/recurring.php:30
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L62

Potential SQL Injection in voucher_theme.php

CWE-89
File Location: upload/admin/model/sale/voucher_theme.php:62
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L104

Potential SQL Injection in upload.php

CWE-89
File Location: upload/admin/model/tool/upload.php:104
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L36

Potential SQL Injection in return.php

CWE-89
File Location: upload/catalog/model/account/return.php:36
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query("SELECT COUNT(*) AS total FROM `" . DB_PREFIX . "return`WHERE customer_id = '" . $this->customer->getId() . "'");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L240

Potential SQL Injection in product.php

CWE-89
File Location: upload/catalog/model/catalog/product.php:240
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L31

Potential SQL Injection in voucher_theme.php

CWE-89
File Location: upload/catalog/model/checkout/voucher_theme.php:31
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L115

Potential SQL Injection in amazon_product.php

CWE-89
File Location: upload/catalog/model/openbay/amazon_product.php:115
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L371

Potential SQL Injection in sagepay_direct.php

CWE-89
File Location: upload/catalog/model/payment/sagepay_direct.php:371
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $qry = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L170

Potential SQL Injection in upgrade.php

CWE-89
File Location: upload/install/model/upgrade.php:170
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("ALTER TABLE `" . $table['name'] . "` DEFAULT CHARACTER SET `" . $table['option']['CHARSET'] . "` COLLATE `" . $table['option']['COLLATE'] . "`");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L10

Potential SQL Injection in CurrencyTest.php

CWE-89
File Location: tests/phpunit/opencart/system/library/CurrencyTest.php:10
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("INSERT INTO " . DB_PREFIX . "currency SET currency_id = '2', title = 'US Dollar', code = 'USD', symbol_left = '$', symbol_right = '', decimal_place = '2', value = '1.00000000', status = '1', date_modified = '2011-07-16 16:55:46'");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L406

Potential SQL Injection in product.php

CWE-89
File Location: upload/admin/model/catalog/product.php:406
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L110

Potential SQL Injection in recurring.php

CWE-89
File Location: upload/admin/model/catalog/recurring.php:110
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L94

Potential SQL Injection in review.php

CWE-89
File Location: upload/admin/model/catalog/review.php:94
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L118

Potential SQL Injection in review.php

CWE-89
File Location: upload/admin/model/catalog/review.php:118
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L60

Potential SQL Injection in modification.php

CWE-89
File Location: upload/admin/model/extension/modification.php:60
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L72

Potential SQL Injection in currency.php

CWE-89
File Location: upload/admin/model/localisation/currency.php:72
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L63

Potential SQL Injection in return_reason.php

CWE-89
File Location: upload/admin/model/localisation/return_reason.php:63
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L185

Potential SQL Injection in affiliate.php

CWE-89
File Location: upload/admin/model/marketing/affiliate.php:185
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L96

Potential SQL Injection in marketing.php

CWE-89
File Location: upload/admin/model/marketing/marketing.php:96
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L92

Potential SQL Injection in affiliate.php

CWE-89
File Location: upload/admin/model/report/affiliate.php:92
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L300

Potential SQL Injection in customer.php

CWE-89
File Location: upload/admin/model/sale/customer.php:300
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L316

Potential SQL Injection in order.php

CWE-89
File Location: upload/admin/model/sale/order.php:316
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L444

Potential SQL Injection in order.php

CWE-89
File Location: upload/admin/model/sale/order.php:444
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query("SELECT DISTINCT email FROM `" . DB_PREFIX . "order` o LEFT JOIN " . DB_PREFIX . "order_product op ON (o.order_id = op.order_id) WHERE (" . implode(" OR ", $implode) . ") AND o.order_status_id <> '0'");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L97

Potential SQL Injection in recurring.php

CWE-89
File Location: upload/admin/model/sale/recurring.php:97
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $results = $this->db->query($sql)->rows;
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L55

Potential SQL Injection in api.php

CWE-89
File Location: upload/admin/model/user/api.php:55
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L489

Potential SQL Injection in product.php

CWE-89
File Location: upload/catalog/model/catalog/product.php:489
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L104

Potential SQL Injection in sagepay_direct.php

CWE-89
File Location: upload/catalog/model/payment/sagepay_direct.php:104
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("DELETE FROM `" . DB_PREFIX . "sagepay_direct_order` WHERE order_id = '" . $vendor_tx_code . "'");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L148

Potential SQL Injection in upgrade.php

CWE-89
File Location: upload/install/model/upgrade.php:148
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $field_query = $this->db->query("SHOW COLUMNS FROM `" . $table['Tables_in_' . DB_DATABASE] . "`");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L249

Potential SQL Injection in upgrade.php

CWE-89
File Location: upload/install/model/upgrade.php:249
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("ALTER TABLE `" . $table['name'] . "` DROP PRIMARY KEY");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L125

Potential SQL Injection in openbay.php

CWE-89
File Location: upload/system/library/openbay.php:125
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $res = $this->db->query("SHOW COLUMNS FROM `" . DB_PREFIX . $table . "` LIKE '" . $column . "'");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L89

Potential SQL Injection in attribute.php

CWE-89
File Location: upload/admin/model/catalog/attribute.php:89
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L113

Potential SQL Injection in manufacturer.php

CWE-89
File Location: upload/admin/model/catalog/manufacturer.php:113
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L119

Potential SQL Injection in option.php

CWE-89
File Location: upload/admin/model/catalog/option.php:119
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L631

Potential SQL Injection in product.php

CWE-89
File Location: upload/admin/model/catalog/product.php:631
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L99

Potential SQL Injection in layout.php

CWE-89
File Location: upload/admin/model/design/layout.php:99
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L63

Potential SQL Injection in return_action.php

CWE-89
File Location: upload/admin/model/localisation/return_action.php:63
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L68

Potential SQL Injection in tax_class.php

CWE-89
File Location: upload/admin/model/localisation/tax_class.php:68
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L60

Potential SQL Injection in zone.php

CWE-89
File Location: upload/admin/model/localisation/zone.php:60
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L110

Potential SQL Injection in coupon.php

CWE-89
File Location: upload/admin/model/marketing/coupon.php:110
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L122

Potential SQL Injection in marketing.php

CWE-89
File Location: upload/admin/model/marketing/marketing.php:122
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L592

Potential SQL Injection in amazon.php

CWE-89
File Location: upload/admin/model/openbay/amazon.php:592
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $rows = $this->db->query($sql)->rows;
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L166

Potential SQL Injection in order.php

CWE-89
File Location: upload/admin/model/openbay/order.php:166
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $sql = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L34

Potential SQL Injection in coupon.php

CWE-89
File Location: upload/admin/model/report/coupon.php:34
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L254

Potential SQL Injection in customer.php

CWE-89
File Location: upload/admin/model/report/customer.php:254
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L54

Potential SQL Injection in return.php

CWE-89
File Location: upload/admin/model/report/return.php:54
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L413

Potential SQL Injection in sale.php

CWE-89
File Location: upload/admin/model/report/sale.php:413
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L44

Potential SQL Injection in customer_ban_ip.php

CWE-89
File Location: upload/admin/model/sale/customer_ban_ip.php:44
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L236

Potential SQL Injection in order.php

CWE-89
File Location: upload/admin/model/sale/order.php:236
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L78

Potential SQL Injection in upload.php

CWE-89
File Location: upload/admin/model/tool/upload.php:78
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L49

Potential SQL Injection in user_group.php

CWE-89
File Location: upload/admin/model/user/user_group.php:49
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L36

Potential SQL Injection in transaction.php

CWE-89
File Location: upload/catalog/model/account/transaction.php:36
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L362

Potential SQL Injection in sagepay_server.php

CWE-89
File Location: upload/catalog/model/payment/sagepay_server.php:362
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $qry = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L115

Potential SQL Injection in affiliate.php

CWE-89
File Location: upload/admin/model/marketing/affiliate.php:115
Security Score:
90 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L564

Potential SQL Injection in amazonus.php

CWE-89
File Location: upload/admin/model/openbay/amazonus.php:564
Security Score:
90 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->db->query($sql)->row['product_total'];
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L284

Potential SQL Injection in ebay.php

CWE-89
File Location: upload/admin/model/openbay/ebay.php:284
Security Score:
90 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $qry = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L47

Potential SQL Injection in etsy_product.php

CWE-89
File Location: upload/admin/model/openbay/etsy_product.php:47
Security Score:
90 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $qry = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L52

Potential SQL Injection in order.php

CWE-89
File Location: upload/admin/model/openbay/order.php:52
Security Score:
90 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L158

Potential SQL Injection in affiliate.php

CWE-89
File Location: upload/admin/model/report/affiliate.php:158
Security Score:
90 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L188

Potential SQL Injection in affiliate.php

CWE-89
File Location: upload/admin/model/report/affiliate.php:188
Security Score:
90 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L128

Potential SQL Injection in customer.php

CWE-89
File Location: upload/admin/model/report/customer.php:128
Security Score:
90 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L232

Potential SQL Injection in customer.php

CWE-89
File Location: upload/admin/model/report/customer.php:232
Security Score:
90 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");