Injection: PHPOK - SQL Injection¶

Identifier: phpok_sqli

Scanner(s) Support¶

GraphQL Scanner	REST Scanner	WebApp Scanner

Description¶

PHPOK contains a SQL injection vulnerability via a GET request. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.

Reference:

https://cve.report/software/phpok/phpok

Configuration¶

Example¶

Example configuration:

---
security_tests:
  phpok_sqli:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

`assets_allowed`¶

Type : List[AssetType]*

List of assets that this check will cover.

`skip`¶

Type : boolean

Skip the test if true.