PHP fixes
002 – Asymmetric denial of service
003 – Symmetric denial of service
004 – Remote command execution
007 – Cross-site request forgery
008 – Reflected cross-site scripting (XSS)
010 – Stored cross-site scripting (XSS)
014 – Insecure functionality
015 – Insecure authentication method - Basic
016 – Insecure encryption algorithm - SSL/TLS
017 – Sensitive information sent insecurely
019 – Administrative credentials stored in cache memory
021 – XPath injection
022 – Use of an insecure channel
026 – User enumeration
027 – Insecure file upload
029 – Inadequate file size control
030 – Sensitive information sent via URL parameters
032 – Spoofing
033 – Password change without identity check
034 – Insecure generation of random numbers
036 – ViewState not encrypted
037 – Technical information leak
038 – Business information leak
042 – Insecurely generated cookies
045 – HTML code injection
051 – Cracked weak credentials
052 – Insecure encryption algorithm
059 – Sensitive information stored in logs
061 – Remote File Inclusion
062 – Concurrent sessions
063 – Lack of data validation - Path Traversal
067 – Improper resource allocation
068 – Insecure session expiration time
069 – Weak CAPTCHA
078 – Insecurely generated token
080 – Business information leak - Customers or providers
088 – Privacy violation
089 – Lack of data validation - Trust boundary violation
091 – Log injection
092 – Insecure encryption algorithm - Anonymous cipher suites
093 – Hidden fields manipulation
094 – Insecure encryption algorithm - Cipher Block Chaining
095 – Data uniqueness not properly verified
096 – Insecure deserialization
098 – External control of file name or path
102 – Email uniqueness not properly verified
106 – NoSQL injection
107 – LDAP injection
108 – Improper control of interaction frequency
111 – Out-of-bounds read
113 – Improper type assignation
115 – Security controls bypass or absence
121 – HTTP parameter pollution
122 – Email flooding
123 – Local file inclusion
124 – Race condition
125 – Directory listing
127 – Lack of data validation - Type confusion
128 – Insecurely generated cookies - HttpOnly
129 – Insecurely generated cookies - SameSite
131 – Insecure or unset HTTP headers - Strict Transport Security
132 – Insecure or unset HTTP headers - X-Content-Type-Options
136 – Insecure or unset HTTP headers - Cache Control
138 – Inappropriate coding practices
141 – Lack of data validation - URL
142 – Sensitive information in source code - API Key
143 – Inappropriate coding practices - Eval function
145 – Inappropriate coding practices - Cyclomatic complexity
146 – SQL injection
150 – Use of an insecure channel - useSslProtocol()
153 – Insecure or unset HTTP headers - Accept
154 – Time-based SQL Injection
155 – SQL Injection - Headers
156 – Uncontrolled external site redirect
160 – Excessive privileges - Temporary Files
164 – Insecure service configuration
174 – Insecure service configuration - Backdoor
183 – Debugging enabled in production
186 – Lack of data validation - Web Service
187 – Lack of data validation - Source Code
189 – Lack of data validation - Content Spoofing
190 – Lack of data validation - Session Cookie
191 – Lack of data validation - Responses
192 – Lack of data validation - Reflected Parameters
193 – Lack of data validation - Host Header Injection
194 – Lack of data validation - Input Length
195 – Lack of data validation - Headers
196 – Lack of data validation - Dates
197 – Lack of data validation - Numbers
198 – Lack of data validation - Out of range
199 – Lack of data validation - Emails
201 – Unauthorized access to files
211 – Asymmetric denial of service - ReDoS
217 – Business information leak - Credit Cards
221 – Business information leak - Users
231 – Message flooding
235 – Technical information leak - Headers
237 – Technical information leak - Print Functions
240 – Authentication mechanism absence or evasion - OTP
243 – Authentication mechanism absence or evasion - Admin Console
248 – Non-encrypted confidential information - LDAP
254 – Automatic information enumeration - Credit Cards
261 – Insecure encryption algorithm - DSA
262 – Insecure encryption algorithm - SHA1
264 – Insecure encryption algorithm - TripleDES
270 – Insecure functionality - File Creation
271 – Insecure functionality - Password management
272 – Insecure functionality - Masking
273 – Insecure functionality - Fingerprint
274 – Restricted fields manipulation
278 – Insecure exceptions - NullPointerException
280 – Session Fixation
282 – Insecure encryption algorithm - ECB
283 – Automatic information enumeration - Personal Information
284 – Non-encrypted confidential information - Base 64
286 – Insecure object reference - Personal information
288 – Insecure object reference - Financial information
289 – Technical information leak - Logs
290 – Technical information leak - IPs
291 – Business information leak - Financial Information
295 – Insecure session management - Change Password
297 – SQL injection - Code
298 – Authentication mechanism absence or evasion - Redirect
302 – Insecure functionality - Session management
305 – Security controls bypass or absence - Data creation
306 – Insecure object reference - Files
307 – Insecure object reference - Data
308 – Enabled default configuration
317 – Improper resource allocation - Memory leak
321 – Lack of data validation - HTML code
323 – XML injection (XXE) - Unmarshaller
326 – Sensitive information in source code - Dependencies
327 – Insufficient data authenticity validation - Images
328 – Insecure object reference - Session management
329 – Insecure or unset HTTP headers - Content-Type
330 – Lack of protection against brute force attacks - Credentials
331 – User Enumeration - Wordpress
332 – Use of insecure channel - Source code
339 – Insecure service configuration - Request Validation
340 – Lack of data validation - Special Characters
341 – Lack of data validation - OTP
343 – Insecure service configuration - BREACH Attack
344 – Lack of data validation - Non Sanitized Variables
345 – Security controls bypass or absence - Session Invalidation
351 – Automatic information enumeration - Corporate information
354 – Insecure file upload - Files Limit
355 – Insufficient data authenticity validation - Checksum verification
356 – Symmetric denial of service - SMTP
359 – Sensitive information in source code - Credentials
362 – Technical information leak - Content response
369 – Insecure object reference - User deletion
371 – DOM-Based cross-site scripting (XSS)
372 – Use of an insecure channel - HTTP
378 – Non-encrypted confidential information - Hexadecimal
382 – Insufficient data authenticity validation - Front bypass
387 – Insecure service configuration - Object Reutilization
395 – Insecure generation of random numbers - Static IV
399 – Security controls absence - Monitoring
404 – OS Command Injection
414 – Insecure service configuration - Header Checking
417 – Account Takeover
420 – Password reset poisoning
421 – Insecure encryption algorithm - Insecure Elliptic Curve
422 – Server side template injection
428 – Inappropriate coding practices - invalid file
435 – Use of software with known vulnerabilities in environments
436 – Security controls bypass or absence - Fingerprint