CX SSRF @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java [refs/heads/master]

**SSRF** issue exists @ **src/main/java/org/cysecurity/cspf/jvl/controller/Install.java** in branch **refs/heads/master**

*The application sends a request to a remote server, for some resource, using dburl in src\main\java\org\cysecurity\cspf\jvl\controller\Install.java:112. However, an attacker can control the target of the request, by sending a URL or other data in&nbsp;&quot;&quot;dburl&quot;&quot; at src\main\java\org\cysecurity\cspf\jvl\controller\Install.java:54.*

Severity: Medium

CWE:918

[Vulnerability details and guidance](https://cwe.mitre.org/data/definitions/918.html)

[Checkmarx](https://cxprivatecloud.checkmarx.net/CxWebClient/ViewerMain.aspx?scanid=1007325&projectid=1350&pathid=259)

[Training](null)
[Recommended Fix](https://cxprivatecloud.checkmarx.net/CxWebClient/ScanQueryDescription.aspx?queryID=4422&queryVersionCode=104071955&queryTitle=SSRF)

Lines: 54 56 57 58 

---
[Code (Line #54):](null#L54)
```
        dburl = request.getParameter("dburl");
```
---
[Code (Line #56):](null#L56)
```
        dbuser = request.getParameter("dbuser");
```
---
[Code (Line #57):](null#L57)
```
        dbpass = request.getParameter("dbpass");
```
---
[Code (Line #58):](null#L58)
```
        dbname = request.getParameter("dbname");
```
---


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX SSRF @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java [refs/heads/master] #203

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CX SSRF @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java [refs/heads/master] #203

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions