Back to Codebase

Vulnerability Analysis Report

magento/zendframework1 vrelease-1.12.16

Scan ID: SCAN-ZENDFRAMEWORK1-3dnWcO • Hash: b96f9457

Severity Score
Critical
Total Findings
50
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.636s

Vulnerability Details

L1129

Dynamic Code Execution in Acl.php

CWE-94
File Location: library/Zend/Acl.php:1129
Security Score:
98 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $assertionValue = $assertion->assert(
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L165

Dynamic Code Execution in Upload.php

CWE-94
File Location: demos/Zend/ProgressBar/Upload.php:165
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval('var data = ' + httpRequest.responseText);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L157

Dynamic Code Execution in ZendForm.php

CWE-94
File Location: demos/Zend/ProgressBar/ZendForm.php:157
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval('var data = ' + httpRequest.responseText);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L5

Dynamic Code Execution in AssertionZF7973.php

CWE-94
File Location: tests/Zend/Acl/_files/AssertionZF7973.php:5
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- public function assert(Zend_Acl $acl,
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L11

Dynamic Code Execution in UserIsBlogPostOwnerAssertion.php

CWE-94
File Location: tests/Zend/Acl/_files/UseCase1/UserIsBlogPostOwnerAssertion.php:11
Security Score:
97 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $user = null, Zend_Acl_Resource_Interface $blogPost = null, $privilege = null)
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L59

Dynamic Code Execution in PhpCode.php

CWE-94
File Location: library/Zend/Serializer/Adapter/PhpCode.php:59
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $eval = @eval('$ret=' . $code . ';');
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L203

Dynamic Code Execution in FunctionFrontendTest.php

CWE-94
File Location: tests/Zend/Cache/FunctionFrontendTest.php:203
Security Score:
96 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval('$closure = function () {};'); // no parse error on php < 5.3
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L62

Dynamic Code Execution in Interface.php

CWE-94
File Location: library/Zend/Acl/Assert/Interface.php:62
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null,
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L12

Dynamic Code Execution in MockAssertion.php

CWE-94
File Location: tests/Zend/Acl/_files/MockAssertion.php:12
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- public function assert(Zend_Acl $acl, Zend_Acl_Role_Interface $role = null, Zend_Acl_Resource_Interface $resource = null,
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L34

Cross-Site Scripting (XSS) in testHttpAuth.php

CWE-79
File Location: tests/Zend/Http/Client/_files/testHttpAuth.php:34
Security Score:
88 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- echo serialize($_GET), "\n", $user, "\n", $pass, "\n";
+ echo htmlspecialchars(serialize($_GET), "\n", $user, "\n", $pass, "\n", ENT_QUOTES, "UTF-8");
L2

Cross-Site Scripting (XSS) in ZF10645-PutContentType.php

CWE-79
File Location: tests/Zend/Http/Client/_files/ZF10645-PutContentType.php:2
Security Score:
87 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- echo 'REQUEST_METHOD: ' . $_SERVER['REQUEST_METHOD'] . "\n\n";
+ echo htmlspecialchars('REQUEST_METHOD: ' . $_SERVER['REQUEST_METHOD'] . "\n\n", ENT_QUOTES, "UTF-8");
L107

Cross-Site Scripting (XSS) in amazon-search.php

CWE-79
File Location: demos/Zend/WebServices/Amazon/amazon-search.php:107
Security Score:
84 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- <form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post">
+ echo htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, "UTF-8");
L23

Cross-Site Scripting (XSS) in testPostData.php

CWE-79
File Location: tests/Zend/Http/Client/_files/testPostData.php:23
Security Score:
84 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- echo serialize($_POST);
+ echo htmlspecialchars(serialize($_POST), ENT_QUOTES, "UTF-8");
L112

Cross-Site Scripting (XSS) in index.php

CWE-79
File Location: tests/Zend/Http/index.php:112
Security Score:
84 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- value="<?=htmlentities($_GET['userAgent'])?>" /> <br />
+ echo htmlspecialchars("<?=htmlentities($_GET['userAgent'])?, ENT_QUOTES, "UTF-8");
L90

Cross-Site Scripting (XSS) in flickr-composite.php

CWE-79
File Location: demos/Zend/WebServices/Flickr/flickr-composite.php:90
Security Score:
83 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- <form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post">
+ echo htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, "UTF-8");
L23

Cross-Site Scripting (XSS) in testGetData.php

CWE-79
File Location: tests/Zend/Http/Client/_files/testGetData.php:23
Security Score:
83 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- echo serialize($_GET);
+ echo htmlspecialchars(serialize($_GET), ENT_QUOTES, "UTF-8");
L98

Cross-Site Scripting (XSS) in yahoo-multi-search.php

CWE-79
File Location: demos/Zend/WebServices/Yahoo/yahoo-multi-search.php:98
Security Score:
81 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- <form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post">
+ echo htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, "UTF-8");
L23

Cross-Site Scripting (XSS) in testResetParameters.php

CWE-79
File Location: tests/Zend/Http/Client/_files/testResetParameters.php:23
Security Score:
80 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- echo serialize($_GET) . "\n" . serialize($_POST);
+ echo htmlspecialchars(serialize($_GET) . "\n" . serialize($_POST), ENT_QUOTES, "UTF-8");
L185

Insecure DOM Manipulation (XSS) in video_app.js

CWE-79
File Location: demos/Zend/Gdata/YouTubeVideoApp/video_app.js:185
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- resultDiv.innerHTML = '<b>Loading...</b>';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L488

Insecure DOM Manipulation (XSS) in video_app.js

CWE-79
File Location: demos/Zend/Gdata/YouTubeVideoApp/video_app.js:488
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById(ytVideoApp.PLAYLIST_ADD_DIV).innerHTML = newPlaylistForm;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L188

Insecure DOM Manipulation (XSS) in video_app.js

CWE-79
File Location: demos/Zend/Gdata/YouTubeVideoApp/video_app.js:188
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- resultDiv.innerHTML = xmlhr.responseText;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L349

Insecure DOM Manipulation (XSS) in video_app.js

CWE-79
File Location: demos/Zend/Gdata/YouTubeVideoApp/video_app.js:349
Security Score:
69 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById(ytVideoApp.VIDEO_SEARCH_RESULTS_DIV).innerHTML = editMetaDataForm;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L245

Insecure DOM Manipulation (XSS) in video_app.js

CWE-79
File Location: demos/Zend/Gdata/YouTubeVideoApp/video_app.js:245
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById(ytVideoApp.SYNDICATED_UPLOAD_DIV).innerHTML = metaDataForm;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L452

Insecure DOM Manipulation (XSS) in video_app.js

CWE-79
File Location: demos/Zend/Gdata/YouTubeVideoApp/video_app.js:452
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById(ytVideoApp.VIDEO_SEARCH_RESULTS_DIV).innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L144

Insecure DOM Manipulation (XSS) in video_browser.js

CWE-79
File Location: demos/Zend/Gdata/YouTubeVideoBrowser/video_browser.js:144
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- resultDiv.innerHTML = '<b>Loading...</b>';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L555

Insecure DOM Manipulation (XSS) in video_app.js

CWE-79
File Location: demos/Zend/Gdata/YouTubeVideoApp/video_app.js:555
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.getElementById(ytVideoApp.VIDEO_SEARCH_RESULTS_DIV).innerHTML = playlistUpdateForm;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L147

Insecure DOM Manipulation (XSS) in video_browser.js

CWE-79
File Location: demos/Zend/Gdata/YouTubeVideoBrowser/video_browser.js:147
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- resultDiv.innerHTML = xmlhr.responseText;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L215

Weak Cryptographic Hash (MD5) in Digest.php

CWE-327
File Location: library/Zend/Auth/Adapter/Digest.php:215
Security Score:
37 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- if ($this->_secureStringCompare(substr($line, -32), md5("$this->_username:$this->_realm:$this->_password"))) {
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L79

Weak Cryptographic Hash (MD5) in ProviderTest.php

CWE-327
File Location: tests/Zend/OpenId/ProviderTest.php:79
Security Score:
37 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assertTrue( $storage->checkUser(self::USER, md5(self::USER . self::PASSWORD)) );
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L388

Weak Cryptographic Hash (MD5) in Files.php

CWE-327
File Location: library/Zend/Service/Rackspace/Files.php:388
Security Score:
36 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $headers[self::HEADER_HASH]= md5($content);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L348

Weak Cryptographic Hash (MD5) in MailMergeTest.php

CWE-327
File Location: tests/Zend/Service/LiveDocx/MailMergeTest.php:348
Security Score:
36 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assertEquals($hash, md5($document));
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L532

Weak Cryptographic Hash (MD5) in AttributeTest.php

CWE-327
File Location: tests/Zend/Ldap/AttributeTest.php:532
Security Score:
35 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assertEquals(md5($password, true), $binary);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L293

Weak Cryptographic Hash (MD5) in MailMergeTest.php

CWE-327
File Location: tests/Zend/Service/LiveDocx/MailMergeTest.php:293
Security Score:
35 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assertEquals($hash, md5($document));
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L251

Weak Cryptographic Hash (MD5) in Hash.php

CWE-327
File Location: library/Zend/Form/Element/Hash.php:251
Security Score:
34 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->_hash = md5(
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L329

Weak Cryptographic Hash (MD5) in Attribute.php

CWE-327
File Location: library/Zend/Ldap/Attribute.php:329
Security Score:
34 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $rawHash = md5($password, true);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L324

Weak Cryptographic Hash (MD5) in Attribute.php

CWE-327
File Location: library/Zend/Ldap/Attribute.php:324
Security Score:
33 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $rawHash = md5($password . $salt, true) . $salt;
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L194

Weak Cryptographic Hash (MD5) in Provider.php

CWE-327
File Location: library/Zend/OpenId/Provider.php:194
Security Score:
33 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- if (!$this->_storage->checkUser($id, md5($id.$password))) {
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L448

Weak Cryptographic Hash (MD5) in Delicious.php

CWE-327
File Location: library/Zend/Service/Delicious.php:448
Security Score:
33 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $parms = array('hash' => md5($url));
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L443

Weak Cryptographic Hash (MD5) in Openssl.php

CWE-327
File Location: library/Zend/Filter/Encrypt/Openssl.php:443
Security Score:
31 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $fingerprint = md5($details['key']);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L95

Weak Cryptographic Hash (MD5) in Crammd5.php

CWE-327
File Location: library/Zend/Mail/Protocol/Smtp/Auth/Crammd5.php:95
Security Score:
31 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $key = pack('H32', md5($key));
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L594

Weak Cryptographic Hash (MD5) in Font.php

CWE-327
File Location: library/Zend/Pdf/Font.php:594
Security Score:
31 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $filePathKey = md5($filePath);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L333

Weak Cryptographic Hash (MD5) in Mcrypt.php

CWE-327
File Location: library/Zend/Filter/Encrypt/Mcrypt.php:333
Security Score:
30 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $key = substr(md5($key), 0, $keysize);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L522

Weak Cryptographic Hash (MD5) in AttributeTest.php

CWE-327
File Location: tests/Zend/Ldap/AttributeTest.php:522
Security Score:
30 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assertEquals(md5($password . $salt, true), $hash);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L659

Weak Cryptographic Hash (MD5) in Font.php

CWE-327
File Location: library/Zend/Pdf/Font.php:659
Security Score:
29 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $filePathKey = md5($filePath);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L165

Weak Cryptographic Hash (MD5) in Provider.php

CWE-327
File Location: library/Zend/OpenId/Provider.php:165
Security Score:
28 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $this->_storage->addUser($id, md5($id.$password));
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L358

Weak Cryptographic Hash (MD5) in MailMergeTest.php

CWE-327
File Location: tests/Zend/Service/LiveDocx/MailMergeTest.php:358
Security Score:
27 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assertEquals($hash, md5($document));
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L809

Weak Cryptographic Hash (MD5) in Subscriber.php

CWE-327
File Location: library/Zend/Feed/Pubsubhubbub/Subscriber.php:809
Security Score:
26 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $key = md5($keyBase);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L274

Weak Cryptographic Hash (MD5) in Pop3.php

CWE-327
File Location: library/Zend/Mail/Protocol/Pop3.php:274
Security Score:
26 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->request("APOP $user " . md5($this->_timestamp . $password));
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L303

Weak Cryptographic Hash (MD5) in MailMergeTest.php

CWE-327
File Location: tests/Zend/Service/LiveDocx/MailMergeTest.php:303
Security Score:
26 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->assertEquals($hash, md5($document));
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L376

Weak Cryptographic Hash (MD5) in Openssl.php

CWE-327
File Location: library/Zend/Filter/Encrypt/Openssl.php:376
Security Score:
25 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $fingerprints[$count] = md5($details['key']);
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing