Back to Codebase

Vulnerability Analysis Report

Journal Builder Extension v3.0.4.0

Scan ID: SCAN-JOURNAL-BUILDER-SxH3MC • Hash: fa393b66

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.736s

Vulnerability Details

L575

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:575
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($sourceMapGenerator !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1872

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1872
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope->parent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3131

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3131
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block instanceof CallableBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3159

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3159
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($selectors !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3236

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3236
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($while instanceof WhileBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L10121

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:10121
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($selectorsMap));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L343

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:343
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->currentBlock->sourceLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L72

Dynamic Code Execution in Nested.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter/Nested.php:72
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($replacedLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1071

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1071
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1080

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1080
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($include));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1092

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1092
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1161

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1161
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1196

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1196
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L360

Dynamic Code Execution in Environment.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Environment.php:360
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval('?>'.$content);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L15

Dynamic Code Execution in developer.php

CWE-94
File Location: upload/admin/controller/common/developer.php:15
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval($eval);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L768

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:768
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L850

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:850
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block->parent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1497

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1497
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1504

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1504
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1529

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1529
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->rootBlock !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1850

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1850
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($child[1] instanceof NestedPropertyBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1940

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1940
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1958

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1958
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block->selfParent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3310

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3310
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($mixin instanceof CallableBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L5053

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:5053
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($env->block instanceof MediaBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6774

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6774
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_string($name));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L7447

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:7447
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L168

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:168
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(! empty($block->selectors));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L70

Dynamic Code Execution in Compressed.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter/Compressed.php:70
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(! empty($block->selectors));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L299

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:299
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1713

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1713
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2288

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:2288
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($nextValue) || $nextValue instanceof Number);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L9

Dynamic Code Execution in database.php

CWE-94
File Location: upload/install/controller/startup/database.php:9
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval($line);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1323

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1323
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1485

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1485
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($selfParent !== null, 'at-root blocks must have a selfParent set.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1534

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1534
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($scope->parent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1738

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1738
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block instanceof DirectiveBlock || $block instanceof OutputBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1809

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1809
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope->parent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1831

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1831
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block instanceof NestedPropertyBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2014

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:2014
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3183

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3183
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($if instanceof IfBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3249

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3249
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($for instanceof ForBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6451

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6451
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($parsedPrototypes));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L7342

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:7342
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L300

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:300
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($out !== false);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L344

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:344
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->currentBlock->sourceName !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L360

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:360
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->currentBlock->sourceLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L361

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:361
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->currentBlock->sourceName !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L74

Dynamic Code Execution in Crunched.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter/Crunched.php:74
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(! empty($block->selectors));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L61

Dynamic Code Execution in Expanded.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter/Expanded.php:61
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($replacedLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1697

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1697
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2259

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:2259
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L151

Dynamic Code Execution in SourceMapGenerator.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/SourceMap/SourceMapGenerator.php:151
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($file !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L233

Dynamic Code Execution in SourceMapGenerator.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/SourceMap/SourceMapGenerator.php:233
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($jsonSourceMap !== false);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L152

Dynamic Code Execution in IntegrationTestCase.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Test/IntegrationTestCase.php:152
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval('$ret = '.$condition.';');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L223

Dynamic Code Execution in IntegrationTestCase.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Test/IntegrationTestCase.php:223
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $output = trim($template->render(eval($match[1].';')), "\n ");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L561

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:561
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1317

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1317
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($media instanceof MediaBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1462

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1462
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block instanceof AtRootBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1814

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1814
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1906

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1906
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1935

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1935
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block->selectors !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3201

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3201
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($each instanceof EachBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3950

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3950
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($kebabCaseName !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6749

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6749
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_string($arg[0][1]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6905

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6905
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($originalRestArgumentName !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6926

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6926
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($default !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L806

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:806
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($if instanceof IfBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1744

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1744
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2255

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:2255
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value) || $value instanceof Number);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L164

Dynamic Code Execution in IntegrationTestCase.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Test/IntegrationTestCase.php:164
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- ], $match[2] ? eval($match[2].';') : []);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L27

Potential SQL Injection in DownloadTest.php

CWE-89
File Location: tests/phpunit/opencart/catalog/model/account/DownloadTest.php:27
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("INSERT INTO " . DB_PREFIX . "download_description SET download_id = $downloadId, language_id = 1, `name` = ''");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L28

Potential SQL Injection in DownloadTest.php

CWE-89
File Location: tests/phpunit/opencart/catalog/model/account/DownloadTest.php:28
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("INSERT INTO " . DB_PREFIX . "product_to_download SET product_id = 1, download_id = $downloadId");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L47

Potential SQL Injection in ProductTest.php

CWE-89
File Location: tests/phpunit/opencart/catalog/model/catalog/ProductTest.php:47
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query("UPDATE " . DB_PREFIX . "product SET date_available = '" . $product['date_available'] . "' WHERE product_id = 28");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L107

Potential SQL Injection in option.php

CWE-89
File Location: upload/admin/model/catalog/option.php:107
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L98

Potential SQL Injection in recurring.php

CWE-89
File Location: upload/admin/model/catalog/recurring.php:98
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L312

Potential SQL Injection in customer.php

CWE-89
File Location: upload/admin/model/customer/customer.php:312
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql . "ORDER BY name");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L56

Potential SQL Injection in translation.php

CWE-89
File Location: upload/admin/model/design/translation.php:56
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L111

Potential SQL Injection in google.php

CWE-89
File Location: upload/admin/model/extension/advertise/google.php:111
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $result = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L265

Potential SQL Injection in google.php

CWE-89
File Location: upload/admin/model/extension/advertise/google.php:265
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->db->query($sql)->rows;
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L287

Potential SQL Injection in google.php

CWE-89
File Location: upload/admin/model/extension/advertise/google.php:287
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L313

Potential SQL Injection in google.php

CWE-89
File Location: upload/admin/model/extension/advertise/google.php:313
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L335

Potential SQL Injection in google.php

CWE-89
File Location: upload/admin/model/extension/advertise/google.php:335
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L353

Potential SQL Injection in google.php

CWE-89
File Location: upload/admin/model/extension/advertise/google.php:353
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L367

Potential SQL Injection in google.php

CWE-89
File Location: upload/admin/model/extension/advertise/google.php:367
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L458

Potential SQL Injection in google.php

CWE-89
File Location: upload/admin/model/extension/advertise/google.php:458
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->db->query($sql)->rows;
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L19

Potential SQL Injection in chart.php

CWE-89
File Location: upload/admin/model/extension/dashboard/chart.php:19
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query("SELECT COUNT(*) AS total, HOUR(date_added) AS hour FROM `" . DB_PREFIX . "order` WHERE order_status_id IN(" . implode(",", $implode) . ") AND DATE(date_added) = DATE(NOW()) GROUP BY HOUR(date_added) ORDER BY date_added ASC");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L109

Potential SQL Injection in chart.php

CWE-89
File Location: upload/admin/model/extension/dashboard/chart.php:109
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query("SELECT COUNT(*) AS total, date_added FROM `" . DB_PREFIX . "order` WHERE order_status_id IN(" . implode(",", $implode) . ") AND YEAR(date_added) = YEAR(NOW()) GROUP BY MONTH(date_added)");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L37

Potential SQL Injection in sale.php

CWE-89
File Location: upload/admin/model/extension/dashboard/sale.php:37
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query("SELECT COUNT(*) AS total, HOUR(date_added) AS hour FROM `" . DB_PREFIX . "order` WHERE order_status_id IN(" . implode(",", $implode) . ") AND DATE(date_added) = DATE(NOW()) GROUP BY HOUR(date_added) ORDER BY date_added ASC");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L57

Potential SQL Injection in google_base.php

CWE-89
File Location: upload/admin/model/extension/feed/google_base.php:57
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L87

Potential SQL Injection in google_base.php

CWE-89
File Location: upload/admin/model/extension/feed/google_base.php:87
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L174

Potential SQL Injection in laybuy.php

CWE-89
File Location: upload/admin/model/extension/payment/laybuy.php:174
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L129

Potential SQL Injection in paypal.php

CWE-89
File Location: upload/admin/model/extension/payment/paypal.php:129
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query("SELECT SUM(total) AS total, SUM(IF (payment_code = 'paypal', total, 0)) AS paypal_total, date_added FROM `" . DB_PREFIX . "order` WHERE order_status_id IN(" . implode(',', $implode) . ") AND YEAR(date_added) = YEAR(NOW()) GROUP BY MONTH(date_added)");
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L207

Potential SQL Injection in paypal.php

CWE-89
File Location: upload/admin/model/extension/payment/paypal.php:207
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L28

Potential SQL Injection in squareup.php

CWE-89
File Location: upload/admin/model/extension/payment/squareup.php:28
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->db->query($sql)->rows;
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L160

Potential SQL Injection in customer.php

CWE-89
File Location: upload/admin/model/extension/report/customer.php:160
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L294

Potential SQL Injection in customer.php

CWE-89
File Location: upload/admin/model/extension/report/customer.php:294
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L58

Potential SQL Injection in customer_transaction.php

CWE-89
File Location: upload/admin/model/extension/report/customer_transaction.php:58
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L76

Potential SQL Injection in currency.php

CWE-89
File Location: upload/admin/model/localisation/currency.php:76
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L141

Potential SQL Injection in geo_zone.php

CWE-89
File Location: upload/admin/model/localisation/geo_zone.php:141
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query( $sql );
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");