Description
This script is vulnerable to file tampering.
The scanner detected that user input is written to a file on the server. This alert requires user confirmation because it may be a false positive: whether it is exploitable depends on which file is written and how/if user input is sanitized before being written to it. Please make sure that user input is not written to a file that gets interpreted by the web server (for example a PHP file), and check whether this file is located inside the application directory.
Remediation
Please make sure that user input is properly sanitized before being written to the file.
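One way to apply this, shown as an added example rather than code from the scanner or the affected application: user text is written only under an allow-listed name with a fixed .txt extension, into a directory that must lie outside the web root. The function name, the directory parameters and the name pattern are assumptions made for the example.

```python
import os
import re
import tempfile

# Assumed policy: short names made of letters, digits, "_" and "-" only.
# No dots or slashes, so the caller cannot choose an extension or a directory.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")


class UnsafeWrite(ValueError):
    """Raised when a requested write violates the policy."""


def store_user_text(data_dir, web_root, name, text):
    """Write user-supplied text to <data_dir>/<name>.txt and return the path."""
    if not SAFE_NAME.fullmatch(name):
        raise UnsafeWrite("file name not in allow-list")

    data_real = os.path.realpath(data_dir)
    web_real = os.path.realpath(web_root)
    # The storage directory must not be served (or interpreted) by the web server.
    if os.path.commonpath([data_real, web_real]) == web_real:
        raise UnsafeWrite("data directory is inside the web root")

    # The extension is fixed by the server, never taken from user input.
    target = os.path.realpath(os.path.join(data_real, name + ".txt"))
    # realpath resolves symlinks, so a pre-planted link cannot redirect the write.
    if os.path.dirname(target) != data_real:
        raise UnsafeWrite("resolved path escapes the data directory")

    # Write to a temporary file and rename it, so readers never see a partial file.
    fd, tmp = tempfile.mkstemp(dir=data_real)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.replace(tmp, target)
    return target
```

Content stored this way is inert on disk; it still has to be encoded for its output context when it is later displayed.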
Related Vulnerabilities
WordPress Plugin CAC Featured Content TimThumb Arbitrary File Upload (0.8)
YetiForce CRM Improper Input Validation Vulnerability (CVE-2021-4111)
Deserialization of Untrusted Data (Java JSON Deserialization) Jackson
Drupal Core 4.5.x Mail Header Injection (4.5.0 - 4.5.7)
WordPress Improper Input Validation Vulnerability (CVE-2019-20041)