Back to Codebase

Vulnerability Analysis Report

PayPal Express Checkout v3.0.5.0

Scan ID: SCAN-PAYPAL-CHECKOUT-0aheKC • Hash: 397d991d

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.599s

Vulnerability Details

L176

Dynamic Code Execution in ArgumentDeclaration.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Ast/Sass/ArgumentDeclaration.php:176
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($lastDollar !== false);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L179

Dynamic Code Execution in ArgumentDeclaration.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Ast/Sass/ArgumentDeclaration.php:179
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($dot !== false);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L232

Dynamic Code Execution in Environment.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/Environment.php:232
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->lastVariableIndex !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L969

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:969
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($this->getParent()->getParent() !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1532

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:1532
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->mediaQuerySources !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1533

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:1533
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->mediaQueries !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1623

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:1623
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($result instanceof CssMediaQuery);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1955

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:1955
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($result instanceof SassNumber);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3297

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:3297
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($grandParent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L116

Dynamic Code Execution in ExtendUtil.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ExtendUtil.php:116
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($unifiedBase !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L591

Dynamic Code Execution in ExtendUtil.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ExtendUtil.php:591
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($component1 instanceof ComplexSelectorComponent);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L603

Dynamic Code Execution in ExtendUtil.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ExtendUtil.php:603
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($component2 instanceof ComplexSelectorComponent);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L422

Dynamic Code Execution in ColorFunctions.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Function/ColorFunctions.php:422
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(\count(array_filter([$change, $adjust, $scale])) === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L134

Dynamic Code Execution in CssParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/CssParser.php:134
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($plain !== null); // CSS doesn't allow non-plain identifiers
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L110

Dynamic Code Execution in InterpolationMap.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/InterpolationMap.php:110
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($previousComponent instanceof Expression);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L94

Dynamic Code Execution in SassParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/SassParser.php:94
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($this->nextIndentationEnd !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1940

Dynamic Code Execution in StylesheetParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/StylesheetParser.php:1940
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($operator !== null, 'The list of operators must not be empty');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2605

Dynamic Code Execution in StylesheetParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/StylesheetParser.php:2605
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scanner->peekChar() === '#');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2752

Dynamic Code Execution in StylesheetParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/StylesheetParser.php:2752
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scanner->peekChar() === '!');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L336

Dynamic Code Execution in SerializeVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Serializer/SerializeVisitor.php:336
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($node->getParent() !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L450

Dynamic Code Execution in SerializeVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Serializer/SerializeVisitor.php:450
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($nodeValue instanceof SassString);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L529

Dynamic Code Execution in SerializeVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Serializer/SerializeVisitor.php:529
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(Character::isWhitespace($scanner->peekChar(-1)));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1484

Dynamic Code Execution in SerializeVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Serializer/SerializeVisitor.php:1484
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($attribute->getOp() !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L62

Dynamic Code Execution in StringUtil.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Util/StringUtil.php:62
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($end !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L36

Dynamic Code Execution in UriUtil.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Util/UriUtil.php:36
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($resolvedUri instanceof UriInterface);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L39

Dynamic Code Execution in ComplexSassNumber.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Value/ComplexSassNumber.php:39
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\count($numeratorUnits) > 1 || \count($denominatorUnits) > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L169

Dynamic Code Execution in SassColor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Value/SassColor.php:169
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!\is_null($this->red));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L189

Dynamic Code Execution in SassColor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Value/SassColor.php:189
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!\is_null($this->blue));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L209

Dynamic Code Execution in SassColor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Value/SassColor.php:209
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!\is_null($this->saturation));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L219

Dynamic Code Execution in SassColor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Value/SassColor.php:219
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!\is_null($this->lightness));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L45

Dynamic Code Execution in ValueConverter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/ValueConverter.php:45
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(\count($arguments) === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L397

Dynamic Code Execution in Highlighter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/source-span/src/Highlighter/Highlighter.php:397
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(!Util::isMultiline($span));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L494

Dynamic Code Execution in Highlighter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/source-span/src/Highlighter/Highlighter.php:494
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($line === null || $text === null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L145

Dynamic Code Execution in SourceFile.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/source-span/src/SourceFile.php:145
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->cachedLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L95

Dynamic Code Execution in Util.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/source-span/src/Util.php:95
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(array_is_list($list));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L212

Dynamic Code Execution in IntegrationTestCase.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Test/IntegrationTestCase.php:212
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval('$ret = '.$condition.';');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L9

Dynamic Code Execution in database.php

CWE-94
File Location: upload/install/controller/startup/database.php:9
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval($line);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L125

Dynamic Code Execution in ModifiableCssNode.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Ast/Css/ModifiableCssNode.php:125
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->indexInParent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L374

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:374
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($stylesheet !== null, 'The filesystem importer never returns null when loading a canonical URL. It either succeeds or throws an error.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L706

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:706
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L539

Dynamic Code Execution in Environment.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/Environment.php:539
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($removedFunctions !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L442

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:442
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($this->callableNode !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L471

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:471
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($this->callableNode !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L490

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:490
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($args instanceof SassArgumentList);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L493

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:493
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($callableNode !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L695

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:695
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($css instanceof CssStylesheet);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1437

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:1437
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($declaration instanceof MixinRule);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2386

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:2386
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!$node->hasQuotes());
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2447

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:2447
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(!$node->accept(new IsCalculationSafeVisitor()));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2745

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:2745
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(array_is_list($positional));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3300

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:3300
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($lastChild instanceof ModifiableCssParentNode);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L27

Dynamic Code Execution in ComplexSelectorMap.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ComplexSelectorMap.php:27
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($object instanceof ComplexSelector);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L818

Dynamic Code Execution in ConcreteExtensionStore.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ConcreteExtensionStore.php:818
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(\count($extender->selector->getComponents()) === 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1149

Dynamic Code Execution in ConcreteExtensionStore.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ConcreteExtensionStore.php:1149
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(array_is_list($result));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L326

Dynamic Code Execution in ExtendUtil.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ExtendUtil.php:326
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($rootish !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L528

Dynamic Code Execution in ExtendUtil.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ExtendUtil.php:528
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($component2 instanceof ComplexSelectorComponent);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L213

Dynamic Code Execution in SassParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/SassParser.php:213
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($indentation === 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L217

Dynamic Code Execution in SelectorParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/SelectorParser.php:217
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($initialCombinators === null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2345

Dynamic Code Execution in StylesheetParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/StylesheetParser.php:2345
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($singleExpression !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L427

Dynamic Code Execution in SerializeVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Serializer/SerializeVisitor.php:427
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($value instanceof SassString);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L749

Dynamic Code Execution in SerializeVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Serializer/SerializeVisitor.php:749
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(false, 'unknown format');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L179

Dynamic Code Execution in SassColor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Value/SassColor.php:179
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!\is_null($this->green));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L201

Dynamic Code Execution in Highlight.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/source-span/src/Highlighter/Highlight.php:201
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($lineStart !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L154

Dynamic Code Execution in Highlighter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/source-span/src/Highlighter/Highlighter.php:154
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($lineStart !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L420

Dynamic Code Execution in Environment.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Environment.php:420
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval('?>'.$content);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L293

Dynamic Code Execution in IntegrationTestCase.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Test/IntegrationTestCase.php:293
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $output = trim($template->render(eval($match[1].';')), "\n ");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L15

Dynamic Code Execution in developer.php

CWE-94
File Location: upload/admin/controller/common/developer.php:15
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval($eval);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L72

Dynamic Code Execution in ModifiableCssNode.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Ast/Css/ModifiableCssNode.php:72
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->indexInParent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L48

Dynamic Code Execution in ArgumentInvocation.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Ast/Sass/ArgumentInvocation.php:48
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($keywordRest === null || $rest !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L202

Dynamic Code Execution in Environment.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/Environment.php:202
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->lastVariableIndex !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L314

Dynamic Code Execution in Environment.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/Environment.php:314
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->lastVariableIndex !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L545

Dynamic Code Execution in Environment.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/Environment.php:545
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($removedMixins !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2500

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:2500
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(\count($elements) > 1);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2822

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:2822
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($key instanceof SassString);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2854

Dynamic Code Execution in EvaluateVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/EvaluateVisitor.php:2854
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($key instanceof SassString);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L486

Dynamic Code Execution in ConcreteExtensionStore.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ConcreteExtensionStore.php:486
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($extensionStore instanceof ConcreteExtensionStore);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L873

Dynamic Code Execution in ConcreteExtensionStore.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ConcreteExtensionStore.php:873
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(\count($finalExtenderComponent->getCombinators()) === 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L526

Dynamic Code Execution in ExtendUtil.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ExtendUtil.php:526
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($component1 instanceof ComplexSelectorComponent);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L604

Dynamic Code Execution in ExtendUtil.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Extend/ExtendUtil.php:604
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($combinator2 !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L426

Dynamic Code Execution in ColorFunctions.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Function/ColorFunctions.php:426
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($argumentList instanceof SassArgumentList);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L96

Dynamic Code Execution in ImportCache.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Importer/ImportCache.php:96
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($cacheable, 'Relative loads should always be cacheable because they never provide access to the containing URL.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1938

Dynamic Code Execution in StylesheetParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/StylesheetParser.php:1938
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($operators !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1943

Dynamic Code Execution in StylesheetParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/StylesheetParser.php:1943
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($left !== null, 'The list of operands must not be empty');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2355

Dynamic Code Execution in StylesheetParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/StylesheetParser.php:2355
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($beforeBracket !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2718

Dynamic Code Execution in StylesheetParser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser/StylesheetParser.php:2718
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scanner->peekChar() === '+');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L907

Dynamic Code Execution in SerializeVisitor.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Serializer/SerializeVisitor.php:907
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($value->getSeparator()->getSeparator() !== null, 'The list separator is not undecided at that point.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L151

Dynamic Code Execution in SingleMapping.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/SourceMap/SingleMapping.php:151
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($segment->sourceLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L65

Dynamic Code Execution in CalculationOperation.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Value/CalculationOperation.php:65
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->left instanceof Equatable);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L66

Dynamic Code Execution in CalculationOperation.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Value/CalculationOperation.php:66
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->right instanceof Equatable);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L46

Dynamic Code Execution in ValueConverter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/ValueConverter.php:46
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($arguments[0] instanceof Value);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L57

Dynamic Code Execution in ValueConverter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/ValueConverter.php:57
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($value !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L306

Dynamic Code Execution in Highlighter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/source-span/src/Highlighter/Highlighter.php:306
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($startLine === $line->number || $endLine === $line->number);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L398

Dynamic Code Execution in Highlighter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/source-span/src/Highlighter/Highlighter.php:398
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(str_contains($line->text, $span->getText()));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L75

Dynamic Code Execution in Util.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/source-span/src/Util.php:75
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(array_is_list($list));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L504

Dynamic Code Execution in 1010.php

CWE-94
File Location: upload/install/model/upgrade/1010.php:504
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval($line);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L132

Dynamic Code Execution in ModifiableCssNode.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Ast/Css/ModifiableCssNode.php:132
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($child->indexInParent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L161

Dynamic Code Execution in ArgumentDeclaration.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Ast/Sass/ArgumentDeclaration.php:161
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(\count($unknownNames) > 0);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L603

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:603
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_string($name));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L791

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:791
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L532

Dynamic Code Execution in Environment.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Evaluation/Environment.php:532
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($removedVariables !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.