SYM_PHP_0019 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Cleartext Transmission of Sensitive Information
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-319: Cleartext Transmission of Sensitive Information |
| OWASP | A03:2017 - Sensitive Data Exposure |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |
Description
The code uses FTP functions to transfer files, which sends data—including usernames, passwords, and file contents—over the network without encryption. This exposes sensitive information to anyone who can intercept the network traffic.
Impact
If exploited, attackers could capture confidential data or credentials during transfer, leading to unauthorized access, data breaches, or manipulation of files. This can compromise user privacy and the security of your application or infrastructure.