Back to Codebase

Vulnerability Analysis Report

Journal 3 Premium Theme v3.0.5.0

Scan ID: SCAN-JOURNAL-3-pLv9qP • Hash: f0d48bde

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
1.044s

Vulnerability Details

L72

Dynamic Code Execution in ModifiableCssNode.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Ast/Css/ModifiableCssNode.php:72
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->indexInParent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L125

Dynamic Code Execution in ModifiableCssNode.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Ast/Css/ModifiableCssNode.php:125
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->indexInParent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L374

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:374
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($stylesheet !== null, 'The filesystem importer never returns null when loading a canonical URL. It either succeeds or throws an error.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L603

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:603
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_string($name));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L791

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:791
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L545

Dynamic Code Execution in Environment.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/Environment.php:545
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($removedMixins !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1300

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:1300
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($import instanceof StaticImport);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1437

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:1437
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($declaration instanceof MixinRule);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1533

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:1533
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->mediaQueries !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1623

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:1623
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($result instanceof CssMediaQuery);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1955

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:1955
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($result instanceof SassNumber);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3297

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:3297
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($grandParent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3300

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:3300
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($lastChild instanceof ModifiableCssParentNode);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1149

Dynamic Code Execution in ConcreteExtensionStore.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ConcreteExtensionStore.php:1149
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(array_is_list($result));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L426

Dynamic Code Execution in ColorFunctions.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Function/ColorFunctions.php:426
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($argumentList instanceof SassArgumentList);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L478

Dynamic Code Execution in SassParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/SassParser.php:478
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($this->nextIndentationEnd !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1938

Dynamic Code Execution in StylesheetParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/StylesheetParser.php:1938
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($operators !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1940

Dynamic Code Execution in StylesheetParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/StylesheetParser.php:1940
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($operator !== null, 'The list of operators must not be empty');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2718

Dynamic Code Execution in StylesheetParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/StylesheetParser.php:2718
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scanner->peekChar() === '+');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L171

Dynamic Code Execution in SerializeVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Serializer/SerializeVisitor.php:171
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($minimumIndentation !== -1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L529

Dynamic Code Execution in SerializeVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Serializer/SerializeVisitor.php:529
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Character::isWhitespace($scanner->peekChar(-1)));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L749

Dynamic Code Execution in SerializeVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Serializer/SerializeVisitor.php:749
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(false, 'unknown format');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L152

Dynamic Code Execution in SingleMapping.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/SourceMap/SingleMapping.php:152
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($segment->sourceColumn !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L39

Dynamic Code Execution in ComplexSassNumber.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Value/ComplexSassNumber.php:39
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\count($numeratorUnits) > 1 || \count($denominatorUnits) > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L209

Dynamic Code Execution in SassColor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Value/SassColor.php:209
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!\is_null($this->saturation));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L46

Dynamic Code Execution in ValueConverter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/ValueConverter.php:46
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($arguments[0] instanceof Value);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L154

Dynamic Code Execution in Highlighter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/source-span/src/Highlighter/Highlighter.php:154
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($lineStart !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L397

Dynamic Code Execution in Highlighter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/source-span/src/Highlighter/Highlighter.php:397
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(!Util::isMultiline($span));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L222

Dynamic Code Execution in IntegrationTestCase.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Test/IntegrationTestCase.php:222
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- ], $match[2] ? eval($match[2].';') : []);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L15

Dynamic Code Execution in developer.php

CWE-94
File Location: upload/admin/controller/common/developer.php:15
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval($eval);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L504

Dynamic Code Execution in 1010.php

CWE-94
File Location: upload/install/model/upgrade/1010.php:504
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval($line);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L161

Dynamic Code Execution in ArgumentDeclaration.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Ast/Sass/ArgumentDeclaration.php:161
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(\count($unknownNames) > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L706

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:706
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L232

Dynamic Code Execution in Environment.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/Environment.php:232
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->lastVariableIndex !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L539

Dynamic Code Execution in Environment.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/Environment.php:539
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($removedFunctions !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L471

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:471
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($this->callableNode !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L493

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:493
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($callableNode !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1353

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:1353
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->importSpan === null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2500

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:2500
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(\count($elements) > 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L486

Dynamic Code Execution in ConcreteExtensionStore.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ConcreteExtensionStore.php:486
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($extensionStore instanceof ConcreteExtensionStore);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L723

Dynamic Code Execution in ConcreteExtensionStore.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ConcreteExtensionStore.php:723
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($extended === null || \count($extended) > 0, "extendSimple($simple) should return null rather than [] if extension fails.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L818

Dynamic Code Execution in ConcreteExtensionStore.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ConcreteExtensionStore.php:818
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(\count($extender->selector->getComponents()) === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L528

Dynamic Code Execution in ExtendUtil.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ExtendUtil.php:528
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($component2 instanceof ComplexSelectorComponent);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L96

Dynamic Code Execution in ImportCache.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Importer/ImportCache.php:96
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($cacheable, 'Relative loads should always be cacheable because they never provide access to the containing URL.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L110

Dynamic Code Execution in InterpolationMap.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/InterpolationMap.php:110
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($previousComponent instanceof Expression);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L217

Dynamic Code Execution in SelectorParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/SelectorParser.php:217
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($initialCombinators === null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1423

Dynamic Code Execution in StylesheetParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/StylesheetParser.php:1423
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($name->getAsPlain() !== 'not');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1937

Dynamic Code Execution in StylesheetParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/StylesheetParser.php:1937
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($operands !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2352

Dynamic Code Execution in StylesheetParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/StylesheetParser.php:2352
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($singleExpression !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2605

Dynamic Code Execution in StylesheetParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/StylesheetParser.php:2605
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scanner->peekChar() === '#');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2752

Dynamic Code Execution in StylesheetParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/StylesheetParser.php:2752
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scanner->peekChar() === '!');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L427

Dynamic Code Execution in SerializeVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Serializer/SerializeVisitor.php:427
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($value instanceof SassString);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L907

Dynamic Code Execution in SerializeVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Serializer/SerializeVisitor.php:907
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($value->getSeparator()->getSeparator() !== null, 'The list separator is not undecided at that point.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L52

Dynamic Code Execution in ParserUtil.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Util/ParserUtil.php:52
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_int($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L36

Dynamic Code Execution in UriUtil.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Util/UriUtil.php:36
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($resolvedUri instanceof UriInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L66

Dynamic Code Execution in CalculationOperation.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Value/CalculationOperation.php:66
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->right instanceof Equatable);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L169

Dynamic Code Execution in SassColor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Value/SassColor.php:169
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!\is_null($this->red));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L219

Dynamic Code Execution in SassColor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Value/SassColor.php:219
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!\is_null($this->lightness));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L45

Dynamic Code Execution in ValueConverter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/ValueConverter.php:45
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(\count($arguments) === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L398

Dynamic Code Execution in Highlighter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/source-span/src/Highlighter/Highlighter.php:398
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(str_contains($line->text, $span->getText()));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L145

Dynamic Code Execution in SourceFile.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/source-span/src/SourceFile.php:145
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->cachedLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L95

Dynamic Code Execution in Util.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/source-span/src/Util.php:95
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(array_is_list($list));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L420

Dynamic Code Execution in Environment.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Environment.php:420
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval('?>'.$content);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L179

Dynamic Code Execution in ArgumentDeclaration.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Ast/Sass/ArgumentDeclaration.php:179
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($dot !== false);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L48

Dynamic Code Execution in ArgumentInvocation.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Ast/Sass/ArgumentInvocation.php:48
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($keywordRest === null || $rest !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L314

Dynamic Code Execution in Environment.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/Environment.php:314
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->lastVariableIndex !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L532

Dynamic Code Execution in Environment.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/Environment.php:532
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($removedVariables !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L490

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:490
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($args instanceof SassArgumentList);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1532

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:1532
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->mediaQuerySources !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2588

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:2588
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($argument->getDefaultValue() !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2822

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:2822
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($key instanceof SassString);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2854

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:2854
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($key instanceof SassString);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3082

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:3082
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($tuple[1] !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L572

Dynamic Code Execution in ConcreteExtensionStore.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ConcreteExtensionStore.php:572
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($result === null || \count($result) > 0, "extendComplex($complex) should return null rather than [] if extension fails.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L873

Dynamic Code Execution in ConcreteExtensionStore.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ConcreteExtensionStore.php:873
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(\count($finalExtenderComponent->getCombinators()) === 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L116

Dynamic Code Execution in ExtendUtil.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ExtendUtil.php:116
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($unifiedBase !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L526

Dynamic Code Execution in ExtendUtil.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ExtendUtil.php:526
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($component1 instanceof ComplexSelectorComponent);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L603

Dynamic Code Execution in ExtendUtil.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ExtendUtil.php:603
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($component2 instanceof ComplexSelectorComponent);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L604

Dynamic Code Execution in ExtendUtil.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ExtendUtil.php:604
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($combinator2 !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L60

Dynamic Code Execution in ListFunctions.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Function/ListFunctions.php:60
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(array_is_list($newList), 'The mutation is guaranteed to affect an existing index');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L134

Dynamic Code Execution in CssParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/CssParser.php:134
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($plain !== null); // CSS doesn't allow non-plain identifiers
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L213

Dynamic Code Execution in SassParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/SassParser.php:213
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($indentation === 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2345

Dynamic Code Execution in StylesheetParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/StylesheetParser.php:2345
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($singleExpression !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2733

Dynamic Code Execution in StylesheetParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/StylesheetParser.php:2733
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scanner->peekChar() === '-');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L336

Dynamic Code Execution in SerializeVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Serializer/SerializeVisitor.php:336
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($node->getParent() !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1152

Dynamic Code Execution in SerializeVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Serializer/SerializeVisitor.php:1152
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(preg_match('/^-?\d+(\.\d+)?$/D', $text) === 1, "\"$text\" should be a number written without exponent notation.");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L62

Dynamic Code Execution in StringUtil.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Util/StringUtil.php:62
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($end !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L65

Dynamic Code Execution in CalculationOperation.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Value/CalculationOperation.php:65
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->left instanceof Equatable);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L988

Dynamic Code Execution in SassCalculation.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Value/SassCalculation.php:988
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($argument instanceof SassNumber || $argument instanceof SassString || $argument instanceof SassCalculation || $argument instanceof CalculationOperation);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L179

Dynamic Code Execution in SassColor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Value/SassColor.php:179
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!\is_null($this->green));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L189

Dynamic Code Execution in SassColor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Value/SassColor.php:189
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!\is_null($this->blue));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L199

Dynamic Code Execution in SassColor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Value/SassColor.php:199
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!\is_null($this->hue));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L57

Dynamic Code Execution in ValueConverter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/ValueConverter.php:57
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($value !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L201

Dynamic Code Execution in Highlight.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/source-span/src/Highlighter/Highlight.php:201
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($lineStart !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L306

Dynamic Code Execution in Highlighter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/source-span/src/Highlighter/Highlighter.php:306
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($startLine === $line->number || $endLine === $line->number);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L9

Dynamic Code Execution in database.php

CWE-94
File Location: upload/install/controller/startup/database.php:9
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval($line);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L132

Dynamic Code Execution in ModifiableCssNode.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Ast/Css/ModifiableCssNode.php:132
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($child->indexInParent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L176

Dynamic Code Execution in ArgumentDeclaration.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Ast/Sass/ArgumentDeclaration.php:176
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($lastDollar !== false);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L202

Dynamic Code Execution in Environment.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/Environment.php:202
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->lastVariableIndex !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L442

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:442
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($this->callableNode !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.