ASD Cyber Security - Complete Vulnerabilities Database

#001

Account Lockout Policy Not Implemented

Authentication

Low

CVSS: 6.5/10

Attack Pattern

In this vulnerability, an attacker can repeatedly attempt to guess usernames and passwords without facing any restrictions or account lockouts.

Impact

Attackers can perform unlimited brute-force or credential-stuffing attacks, leading to unauthorized access. Weak passwords are easily guessed, increasing account takeover risks.

Recommendation

Enforce account lockout after 5-10 failed attempts (temporary lockout or CAPTCHA). Monitor and log failed logins. Implement MFA for sensitive accounts. Use rate-limiting to prevent automation.

Tools Used

Hydra Burp Suite Intruder Medusa

CWE-307 OWASP Account Lockout Cheat Sheet

#002

Sensitive Data in URL (GET)

Information Disclosure

Medium

CVSS: 7.5/10

Attack Pattern

When sensitive information is passed in URL query parameters, it becomes logged in browser history, server logs, and third-party analytics tools.

Impact

GET requests expose credentials/tokens in browser history, logs, or proxies. Attackers can steal data via MITM, caching, or indexed URLs.

Recommendation

Use POST requests for sensitive data. Encrypt all data with HTTPS (TLS 1.2+). Disable URL caching. Store session tokens in secure cookies only.

Tools Used

Browser URL Bar Burp Suite Developer Tools

CWE-598 OWASP Transport Layer Protection

#003

Anti-CSRF Token Missing

CSRF

Informative

CVSS: 6.8/10

Attack Pattern

Applications that allow state-changing operations without using unpredictable and user-specific CSRF tokens are vulnerable.

Impact

Attackers forge requests (e.g., fund transfers) using a victim's active session. Browsers automatically send cookies, enabling unauthorized actions.

Recommendation

Generate unique CSRF tokens per session. Validate tokens server-side for state-changing requests. Use SameSite cookie attributes.

Tools Used

Burp Suite (Proxy + Repeater) Manual HTML Inspection

CWE-352 OWASP CSRF Prevention

#026

Vulnerability 26 - RFI

Access Control

Informative

CVSS: 3.1/10

Attack Pattern

Attack pattern description for vulnerability 26

Impact

Potential impact description for vulnerability 26. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-368 OWASP Reference Guide

#027

Vulnerability 27 - XSS

Access Control

Low

CVSS: 7.3/10

Attack Pattern

Attack pattern description for vulnerability 27

Impact

Potential impact description for vulnerability 27. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-563 OWASP Reference Guide

#028

Vulnerability 28 - SSRF

Access Control

Critical

CVSS: 3.4/10

Attack Pattern

Attack pattern description for vulnerability 28

Impact

Potential impact description for vulnerability 28. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-655 OWASP Reference Guide

#029

Vulnerability 29 - LFI

XSS

Medium

CVSS: 5.7/10

Attack Pattern

Attack pattern description for vulnerability 29

Impact

Potential impact description for vulnerability 29. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-996 OWASP Reference Guide

#030

Vulnerability 30 - XSS

Information Disclosure

High

CVSS: 9.1/10

Attack Pattern

Attack pattern description for vulnerability 30

Impact

Potential impact description for vulnerability 30. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-921 OWASP Reference Guide

#031

Vulnerability 31 - LFI

Session Management

Low

CVSS: 8.2/10

Attack Pattern

Attack pattern description for vulnerability 31

Impact

Potential impact description for vulnerability 31. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-772 OWASP Reference Guide

#032

Vulnerability 32 - RCE

Access Control

Medium

CVSS: 3.6/10

Attack Pattern

Attack pattern description for vulnerability 32

Impact

Potential impact description for vulnerability 32. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-922 OWASP Reference Guide

#033

Vulnerability 33 - XXE

Access Control

Critical

CVSS: 6.4/10

Attack Pattern

Attack pattern description for vulnerability 33

Impact

Potential impact description for vulnerability 33. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-713 OWASP Reference Guide

#034

Vulnerability 34 - RFI

CSRF

High

CVSS: 4.3/10

Attack Pattern

Attack pattern description for vulnerability 34

Impact

Potential impact description for vulnerability 34. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-179 OWASP Reference Guide

#035

Vulnerability 35 - RFI

Configuration

Medium

CVSS: 7.4/10

Attack Pattern

Attack pattern description for vulnerability 35

Impact

Potential impact description for vulnerability 35. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-487 OWASP Reference Guide

#036

Vulnerability 36 - CSRF

Session Management

Low

CVSS: 5/10

Attack Pattern

Attack pattern description for vulnerability 36

Impact

Potential impact description for vulnerability 36. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-688 OWASP Reference Guide

#037

Vulnerability 37 - SSRF

Authentication

Medium

CVSS: 7.2/10

Attack Pattern

Attack pattern description for vulnerability 37

Impact

Potential impact description for vulnerability 37. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-196 OWASP Reference Guide

#038

Vulnerability 38 - XSS

Injection

Critical

CVSS: 8.8/10

Attack Pattern

Attack pattern description for vulnerability 38

Impact

Potential impact description for vulnerability 38. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-508 OWASP Reference Guide

#039

Vulnerability 39 - RCE

Configuration

Low

CVSS: 5.4/10

Attack Pattern

Attack pattern description for vulnerability 39

Impact

Potential impact description for vulnerability 39. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-998 OWASP Reference Guide

#040

Vulnerability 40 - XSS

Authentication

Medium

CVSS: 7.9/10

Attack Pattern

Attack pattern description for vulnerability 40

Impact

Potential impact description for vulnerability 40. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-981 OWASP Reference Guide

#041

Vulnerability 41 - CSRF

CSRF

Medium

CVSS: 5.7/10

Attack Pattern

Attack pattern description for vulnerability 41

Impact

Potential impact description for vulnerability 41. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-678 OWASP Reference Guide

#042

Vulnerability 42 - XSS

Authentication

Low

CVSS: 3.1/10

Attack Pattern

Attack pattern description for vulnerability 42

Impact

Potential impact description for vulnerability 42. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-619 OWASP Reference Guide

#043

Vulnerability 43 - XXE

Information Disclosure

Low

CVSS: 3.4/10

Attack Pattern

Attack pattern description for vulnerability 43

Impact

Potential impact description for vulnerability 43. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-119 OWASP Reference Guide

#044

Vulnerability 44 - XSS

Injection

High

CVSS: 4.8/10

Attack Pattern

Attack pattern description for vulnerability 44

Impact

Potential impact description for vulnerability 44. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-498 OWASP Reference Guide

#045

Vulnerability 45 - SSRF

Authentication

Critical

CVSS: 7.4/10

Attack Pattern

Attack pattern description for vulnerability 45

Impact

Potential impact description for vulnerability 45. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-413 OWASP Reference Guide

#046

Vulnerability 46 - RCE

Information Disclosure

Medium

CVSS: 3.8/10

Attack Pattern

Attack pattern description for vulnerability 46

Impact

Potential impact description for vulnerability 46. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-266 OWASP Reference Guide

#047

Vulnerability 47 - RCE

Authentication

Medium

CVSS: 3/10

Attack Pattern

Attack pattern description for vulnerability 47

Impact

Potential impact description for vulnerability 47. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-594 OWASP Reference Guide

#048

Vulnerability 48 - LFI

Authentication

Informative

CVSS: 5.7/10

Attack Pattern

Attack pattern description for vulnerability 48

Impact

Potential impact description for vulnerability 48. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-231 OWASP Reference Guide

#049

Vulnerability 49 - XXE

File Upload

High

CVSS: 7.1/10

Attack Pattern

Attack pattern description for vulnerability 49

Impact

Potential impact description for vulnerability 49. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-721 OWASP Reference Guide

#050

Vulnerability 50 - CSRF

Information Disclosure

Medium

CVSS: 6.3/10

Attack Pattern

Attack pattern description for vulnerability 50

Impact

Potential impact description for vulnerability 50. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-191 OWASP Reference Guide

#051

Vulnerability 51 - LFI

Injection

Medium

CVSS: 8.2/10

Attack Pattern

Attack pattern description for vulnerability 51

Impact

Potential impact description for vulnerability 51. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-547 OWASP Reference Guide

#052

Vulnerability 52 - RFI

File Upload

Low

CVSS: 5.1/10

Attack Pattern

Attack pattern description for vulnerability 52

Impact

Potential impact description for vulnerability 52. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-609 OWASP Reference Guide

#053

Vulnerability 53 - RCE

Session Management

High

CVSS: 5.6/10

Attack Pattern

Attack pattern description for vulnerability 53

Impact

Potential impact description for vulnerability 53. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-235 OWASP Reference Guide

#054

Vulnerability 54 - SSRF

Access Control

Informative

CVSS: 8.6/10

Attack Pattern

Attack pattern description for vulnerability 54

Impact

Potential impact description for vulnerability 54. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-378 OWASP Reference Guide

#055

Vulnerability 55 - RCE

Session Management

Medium

CVSS: 4.4/10

Attack Pattern

Attack pattern description for vulnerability 55

Impact

Potential impact description for vulnerability 55. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-803 OWASP Reference Guide

#056

Vulnerability 56 - RFI

XSS

Medium

CVSS: 6.5/10

Attack Pattern

Attack pattern description for vulnerability 56

Impact

Potential impact description for vulnerability 56. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-293 OWASP Reference Guide

#057

Vulnerability 57 - RCE

Access Control

Low

CVSS: 4.3/10

Attack Pattern

Attack pattern description for vulnerability 57

Impact

Potential impact description for vulnerability 57. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-922 OWASP Reference Guide

#058

Vulnerability 58 - LFI

Information Disclosure

Informative

CVSS: 4/10

Attack Pattern

Attack pattern description for vulnerability 58

Impact

Potential impact description for vulnerability 58. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-428 OWASP Reference Guide

#059

Vulnerability 59 - RCE

Injection

High

CVSS: 4.1/10

Attack Pattern

Attack pattern description for vulnerability 59

Impact

Potential impact description for vulnerability 59. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-642 OWASP Reference Guide

#060

Vulnerability 60 - SQL Injection

Access Control

Medium

CVSS: 7.1/10

Attack Pattern

Attack pattern description for vulnerability 60

Impact

Potential impact description for vulnerability 60. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-843 OWASP Reference Guide

#061

Vulnerability 61 - RCE

Configuration

Medium

CVSS: 6.7/10

Attack Pattern

Attack pattern description for vulnerability 61

Impact

Potential impact description for vulnerability 61. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-817 OWASP Reference Guide

#062

Vulnerability 62 - CSRF

CSRF

High

CVSS: 8.2/10

Attack Pattern

Attack pattern description for vulnerability 62

Impact

Potential impact description for vulnerability 62. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-119 OWASP Reference Guide

#063

Vulnerability 63 - XXE

CSRF

Medium

CVSS: 6.7/10

Attack Pattern

Attack pattern description for vulnerability 63

Impact

Potential impact description for vulnerability 63. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-532 OWASP Reference Guide

#064

Vulnerability 64 - XXE

Authentication

Informative

CVSS: 3.3/10

Attack Pattern

Attack pattern description for vulnerability 64

Impact

Potential impact description for vulnerability 64. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-555 OWASP Reference Guide

#065

Vulnerability 65 - LFI

Cryptography

Low

CVSS: 3.4/10

Attack Pattern

Attack pattern description for vulnerability 65

Impact

Potential impact description for vulnerability 65. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-590 OWASP Reference Guide

#066

Vulnerability 66 - LFI

Injection

Informative

CVSS: 4.2/10

Attack Pattern

Attack pattern description for vulnerability 66

Impact

Potential impact description for vulnerability 66. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-404 OWASP Reference Guide

#067

Vulnerability 67 - SQL Injection

Injection

Low

CVSS: 5.5/10

Attack Pattern

Attack pattern description for vulnerability 67

Impact

Potential impact description for vulnerability 67. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-201 OWASP Reference Guide

#068

Vulnerability 68 - XSS

Cryptography

Informative

CVSS: 4.9/10

Attack Pattern

Attack pattern description for vulnerability 68

Impact

Potential impact description for vulnerability 68. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-665 OWASP Reference Guide

#069

Vulnerability 69 - RFI

Authentication

Low

CVSS: 6.8/10

Attack Pattern

Attack pattern description for vulnerability 69

Impact

Potential impact description for vulnerability 69. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-799 OWASP Reference Guide

#070

Vulnerability 70 - XSS

CSRF

Informative

CVSS: 4.1/10

Attack Pattern

Attack pattern description for vulnerability 70

Impact

Potential impact description for vulnerability 70. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-795 OWASP Reference Guide

#071

Vulnerability 71 - SQL Injection

File Upload

High

CVSS: 7.9/10

Attack Pattern

Attack pattern description for vulnerability 71

Impact

Potential impact description for vulnerability 71. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-517 OWASP Reference Guide

#072

Vulnerability 72 - SSRF

XSS

Critical

CVSS: 3.6/10

Attack Pattern

Attack pattern description for vulnerability 72

Impact

Potential impact description for vulnerability 72. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-346 OWASP Reference Guide

#073

Vulnerability 73 - SSRF

Session Management

High

CVSS: 6.4/10

Attack Pattern

Attack pattern description for vulnerability 73

Impact

Potential impact description for vulnerability 73. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-353 OWASP Reference Guide

#074

Vulnerability 74 - RCE

Configuration

Low

CVSS: 7.4/10

Attack Pattern

Attack pattern description for vulnerability 74

Impact

Potential impact description for vulnerability 74. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-887 OWASP Reference Guide

#075

Vulnerability 75 - RCE

Information Disclosure

Informative

CVSS: 5.9/10

Attack Pattern

Attack pattern description for vulnerability 75

Impact

Potential impact description for vulnerability 75. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-497 OWASP Reference Guide

#076

Vulnerability 76 - SQL Injection

XSS

Informative

CVSS: 9.2/10

Attack Pattern

Attack pattern description for vulnerability 76

Impact

Potential impact description for vulnerability 76. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-947 OWASP Reference Guide

#077

Vulnerability 77 - SSRF

Information Disclosure

Informative

CVSS: 6.8/10

Attack Pattern

Attack pattern description for vulnerability 77

Impact

Potential impact description for vulnerability 77. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-877 OWASP Reference Guide

#078

Vulnerability 78 - XXE

XSS

Informative

CVSS: 4.1/10

Attack Pattern

Attack pattern description for vulnerability 78

Impact

Potential impact description for vulnerability 78. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-390 OWASP Reference Guide

#079

Vulnerability 79 - LFI

Authentication

Informative

CVSS: 8.1/10

Attack Pattern

Attack pattern description for vulnerability 79

Impact

Potential impact description for vulnerability 79. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-163 OWASP Reference Guide

#080

Vulnerability 80 - RCE

Access Control

Medium

CVSS: 3.8/10

Attack Pattern

Attack pattern description for vulnerability 80

Impact

Potential impact description for vulnerability 80. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-283 OWASP Reference Guide

#081

Vulnerability 81 - XSS

Configuration

Medium

CVSS: 5/10

Attack Pattern

Attack pattern description for vulnerability 81

Impact

Potential impact description for vulnerability 81. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-773 OWASP Reference Guide

#082

Vulnerability 82 - XXE

CSRF

Low

CVSS: 6.6/10

Attack Pattern

Attack pattern description for vulnerability 82

Impact

Potential impact description for vulnerability 82. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-463 OWASP Reference Guide

#083

Vulnerability 83 - CSRF

XSS

High

CVSS: 9.1/10

Attack Pattern

Attack pattern description for vulnerability 83

Impact

Potential impact description for vulnerability 83. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-564 OWASP Reference Guide

#084

Vulnerability 84 - SSRF

Configuration

Low

CVSS: 7.9/10

Attack Pattern

Attack pattern description for vulnerability 84

Impact

Potential impact description for vulnerability 84. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-366 OWASP Reference Guide

#085

Vulnerability 85 - XSS

Access Control

Medium

CVSS: 9.6/10

Attack Pattern

Attack pattern description for vulnerability 85

Impact

Potential impact description for vulnerability 85. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-236 OWASP Reference Guide

#086

Vulnerability 86 - LFI

Cryptography

Medium

CVSS: 8.9/10

Attack Pattern

Attack pattern description for vulnerability 86

Impact

Potential impact description for vulnerability 86. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-596 OWASP Reference Guide

#087

Vulnerability 87 - RFI

Session Management

High

CVSS: 3.6/10

Attack Pattern

Attack pattern description for vulnerability 87

Impact

Potential impact description for vulnerability 87. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-494 OWASP Reference Guide

#088

Vulnerability 88 - XXE

Information Disclosure

High

CVSS: 6.8/10

Attack Pattern

Attack pattern description for vulnerability 88

Impact

Potential impact description for vulnerability 88. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-844 OWASP Reference Guide

#089

Vulnerability 89 - RCE

Authentication

Informative

CVSS: 6.5/10

Attack Pattern

Attack pattern description for vulnerability 89

Impact

Potential impact description for vulnerability 89. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-555 OWASP Reference Guide

#090

Vulnerability 90 - XSS

Cryptography

Low

CVSS: 5.8/10

Attack Pattern

Attack pattern description for vulnerability 90

Impact

Potential impact description for vulnerability 90. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-261 OWASP Reference Guide

#091

Vulnerability 91 - XSS

Cryptography

Medium

CVSS: 4.2/10

Attack Pattern

Attack pattern description for vulnerability 91

Impact

Potential impact description for vulnerability 91. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-957 OWASP Reference Guide

#092

Vulnerability 92 - LFI

Injection

Critical

CVSS: 5.1/10

Attack Pattern

Attack pattern description for vulnerability 92

Impact

Potential impact description for vulnerability 92. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-257 OWASP Reference Guide

#093

Vulnerability 93 - SQL Injection

Cryptography

Critical

CVSS: 3.4/10

Attack Pattern

Attack pattern description for vulnerability 93

Impact

Potential impact description for vulnerability 93. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-575 OWASP Reference Guide

#094

Vulnerability 94 - RFI

CSRF

Medium

CVSS: 6.2/10

Attack Pattern

Attack pattern description for vulnerability 94

Impact

Potential impact description for vulnerability 94. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-304 OWASP Reference Guide

#095

Vulnerability 95 - XSS

XSS

Medium

CVSS: 6.1/10

Attack Pattern

Attack pattern description for vulnerability 95

Impact

Potential impact description for vulnerability 95. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-386 OWASP Reference Guide

#096

Vulnerability 96 - SQL Injection

Configuration

Critical

CVSS: 6.6/10

Attack Pattern

Attack pattern description for vulnerability 96

Impact

Potential impact description for vulnerability 96. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-936 OWASP Reference Guide

#097

Vulnerability 97 - RFI

Configuration

High

CVSS: 6.7/10

Attack Pattern

Attack pattern description for vulnerability 97

Impact

Potential impact description for vulnerability 97. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-918 OWASP Reference Guide

#098

Vulnerability 98 - XSS

File Upload

Low

CVSS: 4.4/10

Attack Pattern

Attack pattern description for vulnerability 98

Impact

Potential impact description for vulnerability 98. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-581 OWASP Reference Guide

#099

Vulnerability 99 - LFI

Cryptography

Low

CVSS: 4.4/10

Attack Pattern

Attack pattern description for vulnerability 99

Impact

Potential impact description for vulnerability 99. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-397 OWASP Reference Guide

#100

Vulnerability 100 - RCE

Access Control

Informative

CVSS: 4/10

Attack Pattern

Attack pattern description for vulnerability 100

Impact

Potential impact description for vulnerability 100. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-821 OWASP Reference Guide

#101

Vulnerability 101 - SSRF

Access Control

High

CVSS: 6.1/10

Attack Pattern

Attack pattern description for vulnerability 101

Impact

Potential impact description for vulnerability 101. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-728 OWASP Reference Guide

#102

Vulnerability 102 - SQL Injection

Cryptography

Critical

CVSS: 3.4/10

Attack Pattern

Attack pattern description for vulnerability 102

Impact

Potential impact description for vulnerability 102. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-349 OWASP Reference Guide

#103

Vulnerability 103 - SQL Injection

Injection

Informative

CVSS: 4.5/10

Attack Pattern

Attack pattern description for vulnerability 103

Impact

Potential impact description for vulnerability 103. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-376 OWASP Reference Guide

#104

Vulnerability 104 - CSRF

Cryptography

Critical

CVSS: 8.5/10

Attack Pattern

Attack pattern description for vulnerability 104

Impact

Potential impact description for vulnerability 104. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-909 OWASP Reference Guide

#105

Vulnerability 105 - LFI

CSRF

Low

CVSS: 6/10

Attack Pattern

Attack pattern description for vulnerability 105

Impact

Potential impact description for vulnerability 105. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-700 OWASP Reference Guide

#106

Vulnerability 106 - RCE

Authentication

Medium

CVSS: 4.6/10

Attack Pattern

Attack pattern description for vulnerability 106

Impact

Potential impact description for vulnerability 106. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-333 OWASP Reference Guide

#107

Vulnerability 107 - LFI

Authentication

High

CVSS: 3.5/10

Attack Pattern

Attack pattern description for vulnerability 107

Impact

Potential impact description for vulnerability 107. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-505 OWASP Reference Guide

#108

Vulnerability 108 - CSRF

Injection

Low

CVSS: 9.7/10

Attack Pattern

Attack pattern description for vulnerability 108

Impact

Potential impact description for vulnerability 108. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-656 OWASP Reference Guide

#109

Vulnerability 109 - XSS

CSRF

High

CVSS: 3.9/10

Attack Pattern

Attack pattern description for vulnerability 109

Impact

Potential impact description for vulnerability 109. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-528 OWASP Reference Guide

#110

Vulnerability 110 - XSS

Cryptography

High

CVSS: 5.7/10

Attack Pattern

Attack pattern description for vulnerability 110

Impact

Potential impact description for vulnerability 110. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-890 OWASP Reference Guide

#111

Vulnerability 111 - SQL Injection

Access Control

Informative

CVSS: 9.8/10

Attack Pattern

Attack pattern description for vulnerability 111

Impact

Potential impact description for vulnerability 111. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-736 OWASP Reference Guide

#112

Vulnerability 112 - RFI

Information Disclosure

Informative

CVSS: 3.1/10

Attack Pattern

Attack pattern description for vulnerability 112

Impact

Potential impact description for vulnerability 112. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-661 OWASP Reference Guide

#113

Vulnerability 113 - LFI

XSS

Critical

CVSS: 7.7/10

Attack Pattern

Attack pattern description for vulnerability 113

Impact

Potential impact description for vulnerability 113. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-509 OWASP Reference Guide

#114

Vulnerability 114 - SQL Injection

Session Management

Low

CVSS: 5.5/10

Attack Pattern

Attack pattern description for vulnerability 114

Impact

Potential impact description for vulnerability 114. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-141 OWASP Reference Guide

#115

Vulnerability 115 - XSS

Cryptography

High

CVSS: 7/10

Attack Pattern

Attack pattern description for vulnerability 115

Impact

Potential impact description for vulnerability 115. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-389 OWASP Reference Guide

#116

Vulnerability 116 - SSRF

Configuration

High

CVSS: 7.2/10

Attack Pattern

Attack pattern description for vulnerability 116

Impact

Potential impact description for vulnerability 116. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-140 OWASP Reference Guide

#117

Vulnerability 117 - XSS

Configuration

Critical

CVSS: 5.1/10

Attack Pattern

Attack pattern description for vulnerability 117

Impact

Potential impact description for vulnerability 117. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-971 OWASP Reference Guide

#118

Vulnerability 118 - SSRF

Session Management

Critical

CVSS: 9.6/10

Attack Pattern

Attack pattern description for vulnerability 118

Impact

Potential impact description for vulnerability 118. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-601 OWASP Reference Guide

#119

Vulnerability 119 - LFI

CSRF

Informative

CVSS: 7.5/10

Attack Pattern

Attack pattern description for vulnerability 119

Impact

Potential impact description for vulnerability 119. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-773 OWASP Reference Guide

#120

Vulnerability 120 - RFI

Information Disclosure

Critical

CVSS: 8.8/10

Attack Pattern

Attack pattern description for vulnerability 120

Impact

Potential impact description for vulnerability 120. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-959 OWASP Reference Guide

#121

Vulnerability 121 - RCE

Cryptography

Critical

CVSS: 8.4/10

Attack Pattern

Attack pattern description for vulnerability 121

Impact

Potential impact description for vulnerability 121. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-111 OWASP Reference Guide

#122

Vulnerability 122 - CSRF

Cryptography

Low

CVSS: 4.4/10

Attack Pattern

Attack pattern description for vulnerability 122

Impact

Potential impact description for vulnerability 122. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-762 OWASP Reference Guide

#123

Vulnerability 123 - CSRF

Injection

High

CVSS: 6.1/10

Attack Pattern

Attack pattern description for vulnerability 123

Impact

Potential impact description for vulnerability 123. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-255 OWASP Reference Guide

#124

Vulnerability 124 - CSRF

File Upload

Low

CVSS: 7.1/10

Attack Pattern

Attack pattern description for vulnerability 124

Impact

Potential impact description for vulnerability 124. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-883 OWASP Reference Guide

#125

Vulnerability 125 - SQL Injection

File Upload

Informative

CVSS: 3.4/10

Attack Pattern

Attack pattern description for vulnerability 125

Impact

Potential impact description for vulnerability 125. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-682 OWASP Reference Guide

#126

Vulnerability 126 - XSS

Information Disclosure

High

CVSS: 6.2/10

Attack Pattern

Attack pattern description for vulnerability 126

Impact

Potential impact description for vulnerability 126. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-983 OWASP Reference Guide

#127

Vulnerability 127 - CSRF

XSS

Low

CVSS: 7.6/10

Attack Pattern

Attack pattern description for vulnerability 127

Impact

Potential impact description for vulnerability 127. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-194 OWASP Reference Guide

#128

Vulnerability 128 - SSRF

File Upload

High

CVSS: 8.3/10

Attack Pattern

Attack pattern description for vulnerability 128

Impact

Potential impact description for vulnerability 128. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-341 OWASP Reference Guide

#129

Vulnerability 129 - SSRF

Session Management

High

CVSS: 7.1/10

Attack Pattern

Attack pattern description for vulnerability 129

Impact

Potential impact description for vulnerability 129. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-330 OWASP Reference Guide

#130

Vulnerability 130 - SQL Injection

Session Management

Medium

CVSS: 3.4/10

Attack Pattern

Attack pattern description for vulnerability 130

Impact

Potential impact description for vulnerability 130. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-388 OWASP Reference Guide

#131

Vulnerability 131 - RFI

Authentication

Critical

CVSS: 7.2/10

Attack Pattern

Attack pattern description for vulnerability 131

Impact

Potential impact description for vulnerability 131. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-525 OWASP Reference Guide

#132

Vulnerability 132 - RFI

Injection

Informative

CVSS: 8.9/10

Attack Pattern

Attack pattern description for vulnerability 132

Impact

Potential impact description for vulnerability 132. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-904 OWASP Reference Guide

#133

Vulnerability 133 - RFI

Session Management

Low

CVSS: 9.1/10

Attack Pattern

Attack pattern description for vulnerability 133

Impact

Potential impact description for vulnerability 133. This could lead to data exposure or system compromise.

Recommendation

Implement proper validation and security controls. Use secure coding practices.

Tools Used

Burp Suite OWASP ZAP Manual Testing

CWE-231 OWASP Reference Guide