SYM_PHP_0014 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
# Integer Overflow or Wraparound

| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-190: Integer Overflow or Wraparound |
| Confidence Level | High |
| Impact Level | Low |
| Likelihood Level | Low |
## Description

Using PHP's base_convert() with large numbers (such as random tokens or hashes) can silently lose precision, because the value is passed through a floating-point double internally, resulting in incorrect or truncated values. This makes it unsuitable for securely handling session tokens, CSRF tokens, or cryptographic outputs.
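The following is an added example, not code from the Symbiotic wiki entry. It shows the precision loss on a constructed 160-bit digest, a round-trip check that detects it, and two safe alternatives: exact conversion with ext-gmp (assumed to be installed) and token generation with random_bytes(). The function names baseConvertIsLossless, exactBaseConvert and newToken are this example's own.

```php
<?php
declare(strict_types=1);

// Added example (not part of the wiki entry). base_convert() accumulates large
// inputs in a double (53-bit mantissa), so anything above ~2^53 is rounded
// before the output digits are produced, without any warning.
// baseConvertIsLossless, exactBaseConvert and newToken are names assumed here.

/**
 * Return true when converting $value from $fromBase to $toBase and back with
 * base_convert() reproduces the input exactly (ignoring case and leading zeros).
 * A false result means the value was rounded on the way through a double.
 */
function baseConvertIsLossless(string $value, int $fromBase, int $toBase): bool
{
    $converted  = base_convert($value, $fromBase, $toBase);
    $back       = base_convert($converted, $toBase, $fromBase);
    $normalised = ltrim(strtolower($value), '0');
    return $back === ($normalised === '' ? '0' : $normalised);
}

/**
 * Exact base conversion using ext-gmp (arbitrary precision). $width pads the
 * result with leading zeros so that tokens keep a fixed length.
 */
function exactBaseConvert(string $value, int $fromBase, int $toBase, int $width = 0): string
{
    if (!function_exists('gmp_init')) {
        throw new RuntimeException('ext-gmp is required for exact conversion');
    }
    $out = gmp_strval(gmp_init($value, $fromBase), $toBase);
    return $width > 0 ? str_pad($out, $width, '0', STR_PAD_LEFT) : $out;
}

/**
 * Token generation that never touches base_convert(): CSPRNG bytes, hex
 * encoded. 32 bytes gives 256 bits of entropy as 64 hex characters.
 */
function newToken(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes));
}

// Constructed input: a SHA-1 digest (160 bits, 40 hex digits), far above 2^53.
$hexDigest = sha1('constructed-demo-input');

// A small value survives the round trip; the digest does not.
var_dump(baseConvertIsLossless('ffff', 16, 36));
var_dump(baseConvertIsLossless($hexDigest, 16, 36));

echo 'lossy base36: ', base_convert($hexDigest, 16, 36), PHP_EOL;
echo 'exact base36: ', exactBaseConvert($hexDigest, 16, 36), PHP_EOL;

// Compare tokens in constant time regardless of how they were encoded.
$stored = newToken();
var_dump(hash_equals($stored, $stored));
```

The round-trip check is a cheap way to flag existing call sites during review: any token or hash longer than about 13 hex digits (53 bits) will fail it. For new code, keep tokens as the hex or base64 output of random_bytes() and avoid re-encoding them with base_convert() altogether.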
## Impact

If an attacker can predict or manipulate truncated tokens, they may be able to bypass authentication, hijack sessions, or defeat CSRF protections. This weakens the overall security of the application by making supposedly random or unique tokens easier to guess or reproduce.