CWE-566 - Authorization Bypass Through User-Controlled SQL Primary Key
CWE-566
- Abstraction: Variant
- Structure: Simple
- Status: Incomplete
- Weakness Name
Authorization Bypass Through User-Controlled SQL Primary Key
- Description
The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor.
When a user can set a primary key to any value, then the user can modify the key to point to unauthorized records. Database access control errors occur when:
- Common Consequences
Scope: Confidentiality, Integrity, Access Control
Impact: Read Application Data, Modify Application Data, Bypass Protection Mechanism
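The weakness in the description, shown next to a corrected form. This is an added example, not part of the CWE entry: the `invoices` table, its columns, the user names and all function names are assumptions, and the data is constructed. It uses Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    # Constructed sample data: two users, each owning one invoice.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices ("
               "id INTEGER PRIMARY KEY, owner TEXT NOT NULL, item TEXT NOT NULL)")
    db.executemany("INSERT INTO invoices VALUES (?, ?, ?)",
                   [(1, "alice", "laptop"), (2, "bob", "medical bill")])
    return db

def get_invoice_weak(db, session_user, invoice_id):
    # CWE-566: the statement is parameterized, so this is not SQL injection,
    # but the request-supplied primary key is the only selector and
    # session_user is never consulted.
    return db.execute("SELECT id, owner, item FROM invoices WHERE id = ?",
                      (invoice_id,)).fetchone()

def get_invoice_scoped(db, session_user, invoice_id):
    # Corrected read: the row must match the key AND belong to the
    # authenticated identity, which comes from the server-side session.
    return db.execute(
        "SELECT id, owner, item FROM invoices WHERE id = ? AND owner = ?",
        (invoice_id, session_user)).fetchone()

def update_item_scoped(db, session_user, invoice_id, item):
    # Corrected write: same ownership predicate. A rowcount of 0 means the
    # key was missing or not owned by the caller, which is worth logging.
    cur = db.execute(
        "UPDATE invoices SET item = ? WHERE id = ? AND owner = ?",
        (item, invoice_id, session_user))
    return cur.rowcount

if __name__ == "__main__":
    db = make_db()
    # alice is authenticated but supplies bob's primary key (2).
    print("weak   :", get_invoice_weak(db, "alice", 2))
    print("scoped :", get_invoice_scoped(db, "alice", 2))
    print("update :", update_item_scoped(db, "alice", 2, "tampered"))
```
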
- Related Weaknesses
- Release Date: 2006-07-19
- Latest Modification Date: 2024-02-29