Back to Codebase

Vulnerability Analysis Report

Journal 3 Premium Theme v4.1.0.0

Scan ID: SCAN-JOURNAL-3-u3IGBu • Hash: b06baa5b

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
1.001s

Vulnerability Details

L39

Dynamic Code Execution in NativeResource.php

CWE-94
File Location: upload/system/storage/vendor/aws/aws-crt-php/src/AWS/CRT/NativeResource.php:39
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->native == null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1332

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1332
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($media instanceof MediaBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1512

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1512
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1519

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1519
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1754

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1754
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block instanceof DirectiveBlock || $block instanceof OutputBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1888

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1888
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope->parent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1974

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1974
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block->selfParent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L5069

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:5069
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($env->block instanceof MediaBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6968

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6968
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($default !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L299

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:299
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1749

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1749
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2265

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:2265
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value) || $value instanceof Number);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L151

Dynamic Code Execution in SourceMapGenerator.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/SourceMap/SourceMapGenerator.php:151
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($file !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L407

Dynamic Code Execution in Environment.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Environment.php:407
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval('?>'.$content);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L31

Dynamic Code Execution in Log.php

CWE-94
File Location: upload/system/storage/vendor/aws/aws-crt-php/src/AWS/CRT/Log.php:31
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(get_resource_type($stream) == "stream");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L576

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:576
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1477

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1477
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block instanceof AtRootBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1847

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1847
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block instanceof NestedPropertyBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1866

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1866
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($child[1] instanceof NestedPropertyBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1951

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1951
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block->selectors !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1956

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1956
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3147

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3147
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block instanceof CallableBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3252

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3252
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($while instanceof WhileBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3326

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3326
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($mixin instanceof CallableBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6493

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6493
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($parsedPrototypes));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6947

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6947
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($originalRestArgumentName !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L10163

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:10163
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($selectorsMap));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L168

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:168
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(! empty($block->selectors));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L344

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:344
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->currentBlock->sourceName !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L361

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:361
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->currentBlock->sourceName !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L74

Dynamic Code Execution in Crunched.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter/Crunched.php:74
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(! empty($block->selectors));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L72

Dynamic Code Execution in Nested.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter/Nested.php:72
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($replacedLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L186

Dynamic Code Execution in IntegrationTestCase.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Test/IntegrationTestCase.php:186
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- ], $match[2] ? eval($match[2].';') : []);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L865

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:865
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block->parent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1338

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1338
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1544

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1544
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->rootBlock !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1825

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1825
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope->parent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1830

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1830
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2030

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:2030
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3199

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3199
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($if instanceof IfBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6791

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6791
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_string($arg[0][1]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L7384

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:7384
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L7489

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:7489
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L300

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:300
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($out !== false);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L360

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:360
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->currentBlock->sourceLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L807

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:807
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($if instanceof IfBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1072

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1072
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1081

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1081
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($include));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1093

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1093
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1197

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1197
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1702

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1702
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1718

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1718
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L176

Dynamic Code Execution in IntegrationTestCase.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Test/IntegrationTestCase.php:176
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval('$ret = '.$condition.';');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L245

Dynamic Code Execution in IntegrationTestCase.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Test/IntegrationTestCase.php:245
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $output = trim($template->render(eval($match[1].';')), "\n ");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L40

Dynamic Code Execution in Log.php

CWE-94
File Location: upload/system/storage/vendor/aws/aws-crt-php/src/AWS/CRT/Log.php:40
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($level >= self::NONE && $level <= self::TRACE);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L590

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:590
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($sourceMapGenerator !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L783

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:783
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1500

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1500
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($selfParent !== null, 'at-root blocks must have a selfParent set.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1549

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1549
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($scope->parent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1674

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1674
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(\is_array($reParsedWith));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1922

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1922
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3175

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3175
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($selectors !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3217

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3217
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($each instanceof EachBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3265

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3265
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($for instanceof ForBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3966

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3966
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($kebabCaseName !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L5745

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:5745
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(\is_string($c) || $c instanceof \Closure);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6816

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6816
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_string($name));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L343

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:343
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->currentBlock->sourceLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L70

Dynamic Code Execution in Compressed.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter/Compressed.php:70
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(! empty($block->selectors));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L61

Dynamic Code Execution in Expanded.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter/Expanded.php:61
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($replacedLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1162

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1162
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2269

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:2269
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2298

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:2298
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($nextValue) || $nextValue instanceof Number);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L233

Dynamic Code Execution in SourceMapGenerator.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/SourceMap/SourceMapGenerator.php:233
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($jsonSourceMap !== false);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L301

Potential SQL Injection in backup.php

CWE-89
File Location: upload/admin/controller/tool/backup.php:301
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query(substr($line, 0, strlen($line) - 2));
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L1676

Potential SQL Injection in product.php

CWE-89
File Location: upload/admin/model/catalog/product.php:1676
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L520

Potential SQL Injection in customer.php

CWE-89
File Location: upload/admin/model/customer/customer.php:520
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L174

Potential SQL Injection in customer_approval.php

CWE-89
File Location: upload/admin/model/customer/customer_approval.php:174
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L171

Potential SQL Injection in customer_group.php

CWE-89
File Location: upload/admin/model/customer/customer_group.php:171
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L205

Potential SQL Injection in gdpr.php

CWE-89
File Location: upload/admin/model/customer/gdpr.php:205
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L102

Potential SQL Injection in seo_url.php

CWE-89
File Location: upload/admin/model/design/seo_url.php:102
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L403

Potential SQL Injection in seo_url.php

CWE-89
File Location: upload/admin/model/design/seo_url.php:403
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L156

Potential SQL Injection in location.php

CWE-89
File Location: upload/admin/model/localisation/location.php:156
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L170

Potential SQL Injection in tax_rate.php

CWE-89
File Location: upload/admin/model/localisation/tax_rate.php:170
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L151

Potential SQL Injection in weight_class.php

CWE-89
File Location: upload/admin/model/localisation/weight_class.php:151
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L338

Potential SQL Injection in affiliate.php

CWE-89
File Location: upload/admin/model/marketing/affiliate.php:338
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L314

Potential SQL Injection in subscription.php

CWE-89
File Location: upload/admin/model/sale/subscription.php:314
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L172

Potential SQL Injection in api.php

CWE-89
File Location: upload/admin/model/user/api.php:172
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L601

Potential SQL Injection in user.php

CWE-89
File Location: upload/admin/model/user/user.php:601
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L51

Potential SQL Injection in wishlist.php

CWE-89
File Location: upload/catalog/model/account/wishlist.php:51
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L79

Potential SQL Injection in subscription_plan.php

CWE-89
File Location: upload/catalog/model/catalog/subscription_plan.php:79
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L410

Potential SQL Injection in article.php

CWE-89
File Location: upload/catalog/model/cms/article.php:410
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L82

Potential SQL Injection in country.php

CWE-89
File Location: upload/catalog/model/localisation/country.php:82
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L49

Potential SQL Injection in order_status.php

CWE-89
File Location: upload/catalog/model/localisation/order_status.php:49
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L68

Potential SQL Injection in store.php

CWE-89
File Location: upload/catalog/model/setting/store.php:68
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L346

Potential SQL Injection in customer.php

CWE-89
File Location: upload/extension/opencart/admin/model/report/customer.php:346
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L88

Potential SQL Injection in customer_transaction.php

CWE-89
File Location: upload/extension/opencart/admin/model/report/customer_transaction.php:88
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L387

Potential SQL Injection in sale.php

CWE-89
File Location: upload/extension/opencart/admin/model/report/sale.php:387
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L509

Potential SQL Injection in sale.php

CWE-89
File Location: upload/extension/opencart/admin/model/report/sale.php:509
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L128

Potential SQL Injection in subscription.php

CWE-89
File Location: upload/extension/opencart/admin/model/report/subscription.php:128
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");