PHP External Variable Modification

A PHP application does not properly protect against the modification of variables from external sources, such as query parameters or cookies. This can expose the application to numerous weaknesses that would not exist otherwise.

  • Source

    CWE Catalog - 4.12

  • Identifier

    CWE-473

  • Status

    Draft

Contents

See Also

Comprehensive Categorization: Resource Control

Weaknesses in this category are related to resource control.

Validate Inputs

Weaknesses in this category are related to the design and architecture of a system's input validation components. Frequently these deal with sanitizing, neutralizing a...

SFP Secondary Cluster: Tainted Input to Environment

This category identifies Software Fault Patterns (SFPs) within the Tainted Input to Environment cluster (SFP27).

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

Weaknesses Introduced During Implementation

This view (slice) lists weaknesses that can be introduced during implementation.

Weaknesses in Software Written in PHP

This view (slice) covers issues that are found in PHP programs that are not common to all languages.

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.