Add user lookup API endpoint for admin tools #81
ZeroPath AI Dev / Security Check
failed
Dec 10, 2025 in 3m 2s
Scan completed
Blocking issue(s) found.
Details
❌ Possible security or compliance issues detected. Reviewed everything up to a42b93d.
The following issues were found:
- SQL Injection (SQLI)
  - Location: include/functions.inc.php:33-38
  - Score: MEDIUM (62.0)
  - Description: SQL injection risk: get_user_by_id interpolates $user_id directly into the SQL query without sanitization or parameterization.
  - Link to UI: https://dev.branch.zeropath.com/app/issues/a3f1b2a1-c7bc-4657-bfe7-f71b1ac0ef60
- SQL Injection (SQLI)
  - Location: ws.php:29-37
  - Score: MEDIUM (62.0)
  - Description: Unvalidated direct user input passed to a data retrieval path: $_GET['lookup_user'] is used in get_user_by_id without sanitization.
  - Link to UI: https://dev.branch.zeropath.com/app/issues/d474c2cf-34ac-4c8e-945d-8bfb3dd81a04
Security Overview
- 🔎 Scanned files: 2 changed file(s)
- 🔗 Scan Link: https://dev.branch.zeropath.com/app/repositories/d9cf8881-7d91-495e-919b-1821f32afbca?scanId=e4b34afb-081b-4659-96fb-c0d7d6d6b651&codeScanTypes=PrScan&tab=issues
Detected Code Changes
| Change Type | Relevant files |
|---|---|
| Enhancement | include/functions.inc.php: Add function to retrieve user data by ID |
| Enhancement | ws.php: Handle direct user lookup API for admin tools |