CWE-598 - Information Exposure Through Query Strings in GET Request

Description

The web application uses the GET method to process requests that contain sensitive information, which can expose that information through the browser's history, Referer headers, web logs, and other sources. At a minimum, attackers can garner information from query strings that can be used to escalate their attack, such as details about the internal workings of the application or database column names. Successful exploitation of query string parameter vulnerabilities could lead to an attacker impersonating a legitimate user, obtaining proprietary data, or simply executing actions not intended by the application developers. The weakness is introduced during the Architecture and Design and the Implementation stages.
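One way to audit for this weakness is to scan web server access logs for GET requests whose query strings carry sensitive parameter names, and to redact the values before the findings are stored or shared. The following is an added example, not part of the original CWE entry; the parameter-name list, the function names, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumption: parameter names treated as sensitive; tune for the application.
SENSITIVE = {"password", "passwd", "pwd", "token", "access_token", "api_key",
             "apikey", "secret", "session", "sessionid", "ssn"}

# Request line inside a combined-format access log entry: "METHOD target HTTP/x"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def sensitive_params(target):
    """Return sorted names of sensitive parameters in a request target's query."""
    query = urlsplit(target).query
    # keep_blank_values so an empty "token=" is still reported
    names = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & SENSITIVE)

def redact_target(target):
    """Replace values of sensitive parameters so the finding is safe to store."""
    parts = urlsplit(target)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return parts._replace(query=urlencode(pairs)).geturl()

def scan(lines):
    """Return (line_number, redacted_target, param_names) for exposing GETs."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m or m["method"] != "GET":
            continue  # POST bodies are not written to the request line
        hits = sensitive_params(m["target"])
        if hits:
            findings.append((n, redact_target(m["target"]), hits))
    return findings

# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2024:13:55:36 +0000] "GET /login?user=alice&password=hunter2 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2024:13:55:40 +0000] "POST /login HTTP/1.1" 302 0',
    '203.0.113.9 - - [10/Oct/2024:13:56:01 +0000] "GET /report?id=7&API_KEY=abc123 HTTP/1.1" 200 2048',
    '203.0.113.9 - - [10/Oct/2024:13:56:05 +0000] "GET /search?q=token+bucket HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for n, target, names in scan(SAMPLE_LOG):
        print(f"line {n}: {names} in {target}")
```

The scan matches on parameter names rather than values, so the `/search?q=token+bucket` request is not flagged. Each finding points to a request that should move its sensitive fields into a POST body or a header.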

References

Description of CWE-598 on the MITRE website