Critical vulnerabilities were identified on your website. You need to act now to address these problems; otherwise your application will likely get hacked, and attackers may be able to steal data. These issues need to be addressed urgently.
Vulnerabilities

Severity         Count
Critical            14
High                19
Medium              19
Low                 11
Best Practice        4
Information         11
TOTAL               78
Vulnerability                                     Suggested Action

Fix immediately: With these vulnerabilities your website could be hacked right now. You should make it your highest priority to fix them immediately. Once you’ve done this, you should rescan to make sure you’ve eliminated them.
    [Probable] SQL Injection
    Blind SQL Injection
    Boolean Based SQL Injection
    SQL Injection

Fix immediately: An attacker could use these vulnerabilities to hack your website. You should fix them immediately. Once you’ve done this, you should rescan to make sure you’ve eliminated them.
    Cross-site Scripting
    Password Transmitted over HTTP
    [Probable] Local File Inclusion
    Local File Inclusion
    Cross-site Scripting via Remote File Inclusion

Fix soon: You should fix them soon. Once you’ve done this, you may want to rescan to check they’re gone.
    [Possible] Source Code Disclosure (PHP)
    Open Policy Crossdomain.xml Detected
    [Possible] Cross-site Scripting
    Frame Injection
    SSL/TLS Not Implemented

Consider fixing: These vulnerabilities aren’t very bad but they might help an attacker. You should think about fixing them.
    [Possible] Internal IP Address Disclosure
    Cookie Not Marked as HttpOnly
    Information Disclosure (phpinfo())
    Version Disclosure (PHP)
    Database Error Message Disclosure
    Version Disclosure (Nginx)
    [Possible] Cross-site Request Forgery
    [Possible] Cross-site Request Forgery in Login Form
    Missing X-Frame-Options Header
    [Possible] Insecure Reflected Content
    [Possible] Phishing by Navigating Browser Tabs

No action required: Implementing these features, which are supported by all major browsers, is good practice and will provide an extra layer of security to your application.
    Missing X-XSS-Protection Header
    SameSite Cookie Not Implemented
    Content Security Policy (CSP) Not Implemented
    Referrer-Policy Not Implemented

No action required: These items are just for your information. You don’t need to take any action on them, but they might be useful to know.
    Forbidden Resource
    Database Detected (MySQL)
    [Possible] Internal Path Disclosure (*nix)
    Email Address Disclosure
    [Possible] SQL File Detected
    Unexpected Redirect Response Body (Too Large)
    Directory Listing (Nginx)
    Autocomplete Enabled (Password Field)
    Nginx Web Server Identified
    .htaccess File Detected
    [Possible] Login Page Identified
Compliance Summary

Compliance       Vulnerabilities
PCI DSS v3.2                 54
OWASP 2013                   68
OWASP 2017                   69
HIPAA                        58
PCI compliance data is generated from the vulnerability classifications above and has no formal validity; PCI DSS scans must be performed by an Approved Scanning Vendor.