CWE-566 - Authorization Bypass Through User-Controlled SQL Primary Key


The user can't get access to the software database but is able to control and modify a primary key of a SQL statement.
Errors of database access control take place when:
1. The data source is untrusted;
2.The data specifies the value of a primary key in a SQL query.
3. The untrusted source isn't alowed to access certain records of database table.
The weakness is introduced during Architecture and Design, Implementation stages.

Latest vulnerabilities for CWE-566


Description of CWE-566 on Mitre website