CX Code_Injection @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java [master]

**Code_Injection** issue exists @ **src/main/java/org/cysecurity/cspf/jvl/controller/Install.java** in branch **master**

*The application's&nbsp;setup method receives and&nbsp;dynamically executes user-controlled code using&nbsp;forName,&nbsp;at line 103 of src\main\java\org\cysecurity\cspf\jvl\controller\Install.java. This could enable an attacker to inject and run arbitrary code.&nbsp;
The attacker can inject the executed code via user input,&nbsp;&quot;&quot;jdbcdriver&quot;&quot;, which is retrieved by the application in the processRequest method, at line 49 of src\main\java\org\cysecurity\cspf\jvl\controller\Install.java.*

Severity: High
CWE:94
[Vulnerability details and guidance](https://cwe.mitre.org/data/definitions/94.html)
[Internal Guidance](https://checkmarx.atlassian.net/wiki/spaces/AS/pages/79462432/Remediation+Guidance)
[Checkmarx](http://localhost:8100/CxWebClient/ViewerMain.aspx?scanid=1020234&projectid=20070&pathid=1)
Lines: [55](https://github.com/Custodela/JavaVulnerableLab/blob/master/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java#L55) 

---
[Code (Line #55):](https://github.com/Custodela/JavaVulnerableLab/blob/master/src/main/java/org/cysecurity/cspf/jvl/controller/Install.java#L55)
```
        jdbcdriver = request.getParameter("jdbcdriver");
```
---


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CX Code_Injection @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java [master] #55

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CX Code_Injection @ src/main/java/org/cysecurity/cspf/jvl/controller/Install.java [master] #55

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions