DerScanner
Home / Vulnerability Database / PHP : Obsolete or unsafe function
PHP

PHP : Obsolete or unsafe function

Classification

OWASP Top 10 2013
A9-Using Components with Known Vulnerabilities
OWASP Top 10 2017
A9-Using Components with Known Vulnerabilities
OWASP Top 10 2021
A6-Vulnerable and Outdated Components
PCI DSS 4.0
6.3
CWE
CWE-242CWE-676CWE-1035
CWE/SANS Top 25 2011
CWE-676

Overview

The function used is deprecated or unsafe (regardless of how it is used). It is recommended to replace it with a secure analog.

Examples of deprecated and unsafe PHP functions: import_request_variables, mysql_escape_string, rename_function.

References

  1. OWASP Top 10 2017-A9-Using Components with Known Vulnerabilities
  2. CWE-676: Use of Potentially Dangerous Function
  3. CWE-242: Use of Inherently Dangerous Function
  4. OWASP: PHP Security Cheat Sheet
  5. Disable insecure/dangerous PHP functions - security.stackexchange.com
  6. Exploitable PHP functions - stackoverflow.com
  7. CWE-1035
MEDIUM

DerScanner Severity Score

Do you want to fix PHP : Obsolete or unsafe function in your application?

See also

PHP

PHP : Null salt

PHP

PHP : Empty password

PHP

PHP : Empty salt