CWE-473 - PHP External Variable Modification

CWE ID:

CWE-473

Abstraction:Variant
Structure:Simple
Status:Draft

Release Date:2006-07-19
Latest Modification Date:2023-06-29

Weakness Name

PHP External Variable Modification

Description

A PHP application does not properly protect against the modification of variables from external sources, such as query parameters or cookies. This can expose the application to numerous weaknesses that would not exist otherwise.

Common Consequences

Scope: Integrity

Impact: Modify Application Data

Related Weaknesses

CWE-98Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')High

CWE-471Modification of Assumed-Immutable Data (MAID)

Top Security News

Top CVE List

Top Alert List

CSP
Content Security Policy (CSP) Header Not Set
MediumAbsence of Anti-CSRF Tokens
MediumMissing Anti-clickjacking Header
InformationalInformation Disclosure - Suspicious Comments
LowCross-Domain JavaScript Source File Inclusion
MediumContent Security Policy (CSP) Header Not Set
LowTimestamp Disclosure - Unix
LowCSP: X-Content-Security-Policy
InformationalRe-examine Cache-control Directives