CVE-2022-25777: Php Foreach Pass By Value Sanitization Bypass


Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | PHP | β
greprules fetch cve-2022-25777-php-foreach-pass-by-value-sanitization-bypass --engine opengrep

Description

A temporary loop variable from a pass-by-value `foreach` over an array is passed to a sanitization or mutation method. In PHP, `foreach` iterates by value unless the loop variable is explicitly declared by reference, so assigning to a property of the loop variable (`$VAL[$PROP]`) only modifies a temporary copy that is discarded at the end of each iteration. The original array is never updated, so unvalidated or unsanitized payloads remain in it and reach whatever consumes the array afterwards.
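The following is an added example, not the rule's own code and not code from the project affected by CVE-2022-25777. It reproduces the pattern the rule matches on a constructed input, then shows the two usual fixes (iterating by reference, or writing back through the array key). The `sanitize()` helper and the function names are assumptions chosen for illustration.

```php
<?php
// Added example (not the rule's or the affected project's code): a pass-by-value
// foreach leaves the original array unsanitized; two corrected forms follow.

// Constructed sample input: the second entry carries a markup payload.
$records = [
    ['name' => 'alice'],
    ['name' => '<script>alert(1)</script>'],
];

// Stand-in sanitizer (assumption: real code would call the project's own helper).
// double_encode=false keeps it idempotent, so a second pass is a no-op on
// already-sanitized data; that property is what allSanitized() relies on.
function sanitize(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8', false);
}

// VULNERABLE: $rec is a copy, so this assignment mutates only the temporary and
// is lost when the iteration ends. The returned array still holds the payload.
function sanitizeByValue(array $records): array
{
    foreach ($records as $rec) {
        $rec['name'] = sanitize($rec['name']);
    }
    return $records;
}

// FIX 1: iterate by reference. unset() afterwards breaks the lingering reference,
// otherwise a later reuse of $rec would silently overwrite the last element.
function sanitizeByReference(array $records): array
{
    foreach ($records as &$rec) {
        $rec['name'] = sanitize($rec['name']);
    }
    unset($rec);
    return $records;
}

// FIX 2: write back through the key; no references involved.
function sanitizeByKey(array $records): array
{
    foreach ($records as $key => $rec) {
        $records[$key]['name'] = sanitize($rec['name']);
    }
    return $records;
}

// Regression check suitable for a unit test: every element must be unchanged by
// another sanitization pass, i.e. it was actually sanitized on the way in.
function allSanitized(array $records): bool
{
    foreach ($records as $rec) {
        if (sanitize($rec['name']) !== $rec['name']) {
            return false;
        }
    }
    return true;
}

var_dump(allSanitized(sanitizeByValue($records)));
var_dump(allSanitized(sanitizeByReference($records)));
var_dump(allSanitized(sanitizeByKey($records)));
```

Running it shows the by-value variant failing the check while both fixes pass it. A test of this shape is a cheap guard against the pattern regressing: it asserts on the array that leaves the sanitization routine rather than on the loop body, which is exactly where the by-value copy hides the defect.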