Description
This script is vulnerable to file tampering.
The scanner detected that user input is written to a file on the server. This alert requires user confirmation and may be a false positive: this depends on which file is written and on how, or whether, user input is sanitized before being written to it. Make sure that user input is not written to a file that is interpreted by the web server (for example, a PHP file), and check whether this file is located inside the application directory.
Remediation
Please make sure that user input is properly sanitized before being written to the file.
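One way to apply the checks described above, as an added example that is not part of the original advisory. The function name, the allowlist of target files, the extension list, the length limit and the directory layout are all assumptions made for illustration.

```python
import json
import tempfile
from pathlib import Path

# Assumed list of extensions a web server may hand to an interpreter (not from the advisory).
INTERPRETED_EXTENSIONS = {".php", ".phtml", ".phar", ".jsp", ".asp", ".aspx", ".cgi", ".pl"}
# Hypothetical server-side allowlist: logical name -> file name chosen by the application.
ALLOWED_TARGETS = {"feedback": "feedback.jsonl", "notes": "notes.jsonl"}


class UnsafeWrite(Exception):
    """Raised when a write would land somewhere the policy forbids."""


def store_user_input(target, text, data_dir, web_root):
    """Append user text as one JSON line to an allowlisted file under data_dir."""
    data_dir = Path(data_dir).resolve()
    web_root = Path(web_root).resolve()
    # The data directory must not sit inside the directory the web server serves.
    if data_dir == web_root or web_root in data_dir.parents:
        raise UnsafeWrite("data directory is inside the web root")
    # User input selects a logical name only; it never becomes part of a path.
    if target not in ALLOWED_TARGETS:
        raise UnsafeWrite("unknown target")
    path = (data_dir / ALLOWED_TARGETS[target]).resolve()
    if path.parent != data_dir:  # also catches a symlink pointing elsewhere
        raise UnsafeWrite("path escapes the data directory")
    if path.suffix.lower() in INTERPRETED_EXTENSIONS:
        raise UnsafeWrite("target would be interpreted by the server")
    # JSON encoding keeps each value on one line, so input cannot forge records.
    # It does not neutralise markup such as PHP tags; the location and extension
    # checks above are what keep the file from being interpreted.
    record = json.dumps({"text": text[:4096]}, ensure_ascii=True)  # assumed length limit
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(record + "\n")
    return path


if __name__ == "__main__":
    base = Path(tempfile.mkdtemp())  # constructed layout for the demo
    web_root, data_dir = base / "htdocs", base / "data"
    web_root.mkdir()
    data_dir.mkdir()
    print(store_user_input("feedback", "hello\nworld", data_dir, web_root).read_text())
    try:
        store_user_input("../htdocs/page.php", "x", data_dir, web_root)
    except UnsafeWrite as exc:
        print("rejected:", exc)
```

What counts as "properly sanitized" depends on how the written file is later consumed; JSON lines are used here only because they make record boundaries unambiguous.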
Related Vulnerabilities
Jenkins Improper Input Validation Vulnerability (CVE-2017-1000394)
Collabtive Improper Input Validation Vulnerability (CVE-2012-2670)
MyBB Improper Input Validation Vulnerability (CVE-2019-12831)
TYPO3 Improper Input Validation Vulnerability (CVE-2019-11832)
WordPress Plugin WooCommerce-Store Exporter CSV Injection (2.3.1)