Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


  • Password input field is not masked (CWE:549)



  • Avoid using an user controlled Primary Key into a query (CWE:566)  

  • Plaintext Storage of a Password (CWE:256)  

  • Array index coming from a non neutralized vulnerable input (CWE:129) 

  • Not using a Random IV with CBC Mode (CWE:329) 

  • Hardcoded cryptographic keys (CWE:321) 

  • Avoid sensitive information exposure through error messages (CWE:209) 

  • Execution After Redirect (EAR) (CWE:698) 

  • NULL Pointer Dereference (CWE:476)