This application contains the following intentional vulnerabilities for scanner testing:
| Page | Vulnerability | CWE |
|---|
| Home (XSS) | Reflected XSS | CWE-79 |
| Home (Debug) | Information Disclosure (phpinfo) | CWE-200 |
| Login | SQL Injection, No brute-force protection | CWE-89 |
| Register | No CSRF, Stored XSS, Plaintext Password | CWE-352, CWE-79, CWE-256 |
| Forgot Password | Password Disclosure, User Enumeration | CWE-256, CWE-203 |
| Product (SQLi) | SQL Injection (UNION) | CWE-89 |
| Search | Reflected XSS + SQL Injection | CWE-79, CWE-89 |
| Comments | Stored XSS, No CSRF | CWE-79, CWE-352 |
| Profile | IDOR, Sensitive Data Exposure | CWE-639, CWE-200 |
| Admin Panel | Broken Access Control, Command Injection, Path Traversal | CWE-284, CWE-78, CWE-22 |
| File Upload | Unrestricted File Upload | CWE-434 |
| XML Parser | XXE Injection | CWE-611 |
| URL Fetcher | SSRF | CWE-918 |
| Deserialize | Insecure Deserialization | CWE-502 |
| Redirect | Open Redirect | CWE-601 |