Home / Vulnerability Database / PHP : Obsolete or unsafe function
PHP
PHP : Obsolete or unsafe function
Classification
OWASP Top 10 2013
OWASP Top 10 2017
OWASP Top 10 2021
PCI DSS 4.0
CWE/SANS Top 25 2011
Overview
The function used is deprecated or unsafe (regardless of how it is used). It is recommended to replace it with a secure analog.
Examples of deprecated and unsafe PHP functions: import_request_variables, mysql_escape_string, rename_function.
References
- OWASP Top 10 2017-A9-Using Components with Known Vulnerabilities
- CWE-676: Use of Potentially Dangerous Function
- CWE-242: Use of Inherently Dangerous Function
- OWASP: PHP Security Cheat Sheet
- Disable insecure/dangerous PHP functions - security.stackexchange.com
- Exploitable PHP functions - stackoverflow.com
- CWE-1035
MEDIUM
DerScanner Severity Score
Do you want to fix PHP : Obsolete or unsafe function in your application?
See also
PHP
PHP : Null salt
PHP
PHP : Empty password
PHP
