XPath injection threat detected
- Rule ID: php_lang_xpath_injection
- Languages: php
- Source: xpath_injection.yml
## Description
Building an XPath expression by concatenating untrusted input lets an attacker change the structure of the query rather than just the value being compared (XPath injection). A payload such as `' or '1'='1` turns a login lookup into a predicate that matches every node, and because XPath applies no access control within a document, the attacker can read or enumerate any part of the XML the application loads, including fields the query was never meant to return.
## Remediations
❌ Avoid building XPath expressions from user input. Prefer a fixed expression and filter the result set in PHP, or validate the input against a strict allowlist before it reaches the query.
✅ When a user-supplied value must appear in the expression, embed it as a correctly quoted XPath string literal so that quote characters in the value cannot terminate the literal. Unlike SQL, XPath 1.0 has no escape sequence for quotes inside a literal, so stripping or doubling quotes is not sufficient; values that contain both quote characters must be assembled with `concat()`.
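The following PHP example is added here to illustrate the rule and the remediation; it is not Bearer's code. It uses a constructed `users.xml` document, a deliberately vulnerable lookup that concatenates input into a `DOMXPath` query, and a hardened version that routes every user-controlled value through a hypothetical `xpathQuote()` helper. The helper, the function names and the sample data are assumptions for the example (PHP 7.4+ for the arrow function).

```php
<?php
// Added example, not Bearer's code. Shows XPath injection against a
// constructed XML document and a quoting helper that prevents it.

// Constructed sample document (not real data).
$xml = <<<'XML'
<users>
  <user>
    <name>alice</name>
    <password>s3cret</password>
    <role>admin</role>
  </user>
  <user>
    <name>bob</name>
    <password>hunter2</password>
    <role>user</role>
  </user>
</users>
XML;

$doc = new DOMDocument();
$doc->loadXML($xml);
$xpath = new DOMXPath($doc);

// Vulnerable (what the rule flags): user input concatenated into the query.
// A name or password containing a quote terminates the literal and lets the
// caller append arbitrary predicate logic.
function findUserUnsafe(DOMXPath $xpath, string $name, string $password): int
{
    $query = "//user[name='" . $name . "' and password='" . $password . "']";
    return $xpath->query($query)->length;
}

// Hypothetical helper: turn an arbitrary string into an XPath 1.0 string
// literal that cannot be broken out of. XPath 1.0 has no escape sequences,
// so a value holding both quote characters is split on single quotes and
// reassembled with concat(), inserting each single quote as a
// double-quoted literal.
function xpathQuote(string $value): string
{
    if (strpos($value, "'") === false) {
        return "'" . $value . "'";
    }
    if (strpos($value, '"') === false) {
        return '"' . $value . '"';
    }
    $parts = array_map(
        fn(string $p): string => "'" . $p . "'",
        explode("'", $value)
    );
    return 'concat(' . implode(', "\'", ', $parts) . ')';
}

// Hardened: every user-controlled value is embedded via xpathQuote(), so
// the input can only ever be compared as a value, never parsed as XPath.
function findUserSafe(DOMXPath $xpath, string $name, string $password): int
{
    $query = '//user[name=' . xpathQuote($name)
           . ' and password=' . xpathQuote($password) . ']';
    return $xpath->query($query)->length;
}

// Classic bypass payload: closes the password literal and appends an
// always-true predicate. In the unsafe query this yields
//   //user[name='nobody' and password='' or '1'='1']
// and because "and" binds tighter than "or", every <user> matches.
$payload = "' or '1'='1";

printf("unsafe, valid credentials: %d\n", findUserUnsafe($xpath, 'alice', 's3cret'));
printf("unsafe, injected payload:  %d\n", findUserUnsafe($xpath, 'nobody', $payload));
printf("safe, injected payload:    %d\n", findUserSafe($xpath, 'nobody', $payload));
printf("quoted mixed value:        %s\n", xpathQuote('a\'b"c'));
```

With the constructed document, the unsafe lookup reports one match for the genuine credentials but matches both users when given the payload, while the hardened lookup matches none, because the payload is compared as the literal string `' or '1'='1`. The last line shows the `concat()` form produced for a value containing both quote characters. Quoting alone guarantees only that input stays a value; where the set of valid inputs is known (usernames, IDs), validate against that allowlist as well.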
## References
- [XPath Injection](https://owasp.org/www-community/attacks/XPATH_Injection)
## Associated CWE
## OWASP Top 10
## Configuration
To skip this rule during a scan, use the following flag:

```
bearer scan /path/to/your-project/ --skip-rule=php_lang_xpath_injection
```

To run only this rule during a scan, use the following flag:

```
bearer scan /path/to/your-project/ --only-rule=php_lang_xpath_injection
```