Back to Codebase

Vulnerability Analysis Report

PayPal Express Checkout v4.1.0.0

Scan ID: SCAN-PAYPAL-CHECKOUT-0cSjQP • Hash: fea93b2c

Severity Score
Critical
Total Findings
100
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.985s

Vulnerability Details

L31

Dynamic Code Execution in Log.php

CWE-94
File Location: upload/system/storage/vendor/aws/aws-crt-php/src/AWS/CRT/Log.php:31
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(get_resource_type($stream) == "stream");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L40

Dynamic Code Execution in Log.php

CWE-94
File Location: upload/system/storage/vendor/aws/aws-crt-php/src/AWS/CRT/Log.php:40
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($level >= self::NONE && $level <= self::TRACE);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1332

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1332
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($media instanceof MediaBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1500

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1500
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($selfParent !== null, 'at-root blocks must have a selfParent set.');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1549

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1549
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert($scope->parent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1754

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1754
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block instanceof DirectiveBlock || $block instanceof OutputBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3147

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3147
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block instanceof CallableBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3199

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3199
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($if instanceof IfBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6791

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6791
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_string($arg[0][1]));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L70

Dynamic Code Execution in Compressed.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter/Compressed.php:70
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(! empty($block->selectors));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1072

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1072
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1093

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1093
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1197

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1197
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1702

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1702
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1749

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1749
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2265

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:2265
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value) || $value instanceof Number);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L186

Dynamic Code Execution in IntegrationTestCase.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Test/IntegrationTestCase.php:186
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- ], $match[2] ? eval($match[2].';') : []);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1512

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1512
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1519

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1519
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1825

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1825
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope->parent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1847

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1847
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block instanceof NestedPropertyBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2030

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:2030
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3217

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3217
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($each instanceof EachBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3252

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3252
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($while instanceof WhileBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3265

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3265
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($for instanceof ForBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3326

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3326
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($mixin instanceof CallableBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3966

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3966
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($kebabCaseName !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6816

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6816
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_string($name));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6947

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6947
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($originalRestArgumentName !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L7384

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:7384
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L10163

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:10163
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($selectorsMap));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L344

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:344
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->currentBlock->sourceName !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L361

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:361
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->currentBlock->sourceName !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L61

Dynamic Code Execution in Expanded.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter/Expanded.php:61
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($replacedLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2269

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:2269
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L590

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:590
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($sourceMapGenerator !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L783

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:783
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L865

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:865
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block->parent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1338

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1338
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1477

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1477
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block instanceof AtRootBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1544

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1544
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->rootBlock !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1830

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1830
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1922

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1922
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1951

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1951
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block->selectors !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1956

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1956
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1974

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1974
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($block->selfParent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L5069

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:5069
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($env->block instanceof MediaBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6493

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6493
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(!empty($parsedPrototypes));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L7489

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:7489
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($value));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L168

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:168
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(! empty($block->selectors));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L343

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:343
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->currentBlock->sourceLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L72

Dynamic Code Execution in Nested.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter/Nested.php:72
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($replacedLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L807

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:807
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($if instanceof IfBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1081

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1081
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($include));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L2298

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:2298
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(\is_array($nextValue) || $nextValue instanceof Number);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L407

Dynamic Code Execution in Environment.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Environment.php:407
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval('?>'.$content);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L176

Dynamic Code Execution in IntegrationTestCase.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Test/IntegrationTestCase.php:176
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval('$ret = '.$condition.';');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L39

Dynamic Code Execution in NativeResource.php

CWE-94
File Location: upload/system/storage/vendor/aws/aws-crt-php/src/AWS/CRT/NativeResource.php:39
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->native == null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L576

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:576
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1674

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1674
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(\is_array($reParsedWith));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1866

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1866
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($child[1] instanceof NestedPropertyBlock);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1888

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:1888
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->scope->parent !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L3175

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:3175
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($selectors !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L5745

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:5745
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \assert(\is_string($c) || $c instanceof \Closure);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L6968

Dynamic Code Execution in Compiler.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Compiler.php:6968
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($default !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L300

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:300
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($out !== false);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L360

Dynamic Code Execution in Formatter.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter.php:360
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->currentBlock->sourceLine !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L74

Dynamic Code Execution in Crunched.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Formatter/Crunched.php:74
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert(! empty($block->selectors));
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L299

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:299
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1162

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1162
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L1718

Dynamic Code Execution in Parser.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/Parser.php:1718
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($this->env !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L151

Dynamic Code Execution in SourceMapGenerator.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/SourceMap/SourceMapGenerator.php:151
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($file !== null);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L233

Dynamic Code Execution in SourceMapGenerator.php

CWE-94
File Location: upload/system/storage/vendor/scssphp/scssphp/src/SourceMap/SourceMapGenerator.php:233
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- assert($jsonSourceMap !== false);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L245

Dynamic Code Execution in IntegrationTestCase.php

CWE-94
File Location: upload/system/storage/vendor/twig/twig/src/Test/IntegrationTestCase.php:245
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $output = trim($template->render(eval($match[1].';')), "\n ");
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L179

Potential SQL Injection in attribute.php

CWE-89
File Location: upload/admin/model/catalog/attribute.php:179
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L521

Potential SQL Injection in category.php

CWE-89
File Location: upload/admin/model/catalog/category.php:521
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L177

Potential SQL Injection in filter.php

CWE-89
File Location: upload/admin/model/catalog/filter.php:177
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L230

Potential SQL Injection in information.php

CWE-89
File Location: upload/admin/model/catalog/information.php:230
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L1832

Potential SQL Injection in product.php

CWE-89
File Location: upload/admin/model/catalog/product.php:1832
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L265

Potential SQL Injection in article.php

CWE-89
File Location: upload/admin/model/cms/article.php:265
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L225

Potential SQL Injection in custom_field.php

CWE-89
File Location: upload/admin/model/customer/custom_field.php:225
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L199

Potential SQL Injection in layout.php

CWE-89
File Location: upload/admin/model/design/layout.php:199
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L185

Potential SQL Injection in seo_url.php

CWE-89
File Location: upload/admin/model/design/seo_url.php:185
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L212

Potential SQL Injection in seo_url.php

CWE-89
File Location: upload/admin/model/design/seo_url.php:212
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L292

Potential SQL Injection in seo_url.php

CWE-89
File Location: upload/admin/model/design/seo_url.php:292
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L403

Potential SQL Injection in seo_url.php

CWE-89
File Location: upload/admin/model/design/seo_url.php:403
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L127

Potential SQL Injection in address_format.php

CWE-89
File Location: upload/admin/model/localisation/address_format.php:127
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L177

Potential SQL Injection in subscription_status.php

CWE-89
File Location: upload/admin/model/localisation/subscription_status.php:177
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L178

Potential SQL Injection in zone.php

CWE-89
File Location: upload/admin/model/localisation/zone.php:178
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L246

Potential SQL Injection in subscription.php

CWE-89
File Location: upload/admin/model/sale/subscription.php:246
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L183

Potential SQL Injection in startup.php

CWE-89
File Location: upload/admin/model/setting/startup.php:183
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L126

Potential SQL Injection in reward.php

CWE-89
File Location: upload/catalog/model/account/reward.php:126
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L79

Potential SQL Injection in subscription_plan.php

CWE-89
File Location: upload/catalog/model/catalog/subscription_plan.php:79
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L88

Potential SQL Injection in currency.php

CWE-89
File Location: upload/catalog/model/localisation/currency.php:88
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L69

Potential SQL Injection in stock_status.php

CWE-89
File Location: upload/catalog/model/localisation/stock_status.php:69
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L49

Potential SQL Injection in subscription_status.php

CWE-89
File Location: upload/catalog/model/localisation/subscription_status.php:49
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L51

Potential SQL Injection in customer_transaction.php

CWE-89
File Location: upload/extension/opencart/admin/model/report/customer_transaction.php:51
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L53

Potential SQL Injection in product_purchased.php

CWE-89
File Location: upload/extension/opencart/admin/model/report/product_purchased.php:53
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L29

Potential SQL Injection in sale.php

CWE-89
File Location: upload/extension/opencart/admin/model/report/sale.php:29
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");
L509

Potential SQL Injection in sale.php

CWE-89
File Location: upload/extension/opencart/admin/model/report/sale.php:509
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $query = $this->db->query($sql);
+ $this->db->query("SELECT ... WHERE field = '" . $this->db->escape($variable) . "'");