CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-349
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Draft
- Weakness Name
Acceptance of Extraneous Untrusted Data With Trusted Data
- Description
The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.
- Common Consequences
Scope: Access Control, Integrity
Impact: Bypass Protection Mechanism, Modify Application Data
Notes: An attacker could package untrusted data with trusted data to bypass protection mechanisms to gain access to and possibly modify sensitive data.
- Related Weaknesses
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2023-06-29
Free security scan for your website