CWE-807 - Reliance on Untrusted Inputs in a Security Decision


This weakness occurs when an attacker can change inputs such as cookies, environment variables, and hidden form fields using customized clients or other attacks. Sometimes the system might not detect the change. When security decisions such as authentication and authorization are based on the values of these inputs, attackers can bypass the security of the software.
As a result, the weakness can lead to modification of sensitive data, a system crash, or execution of arbitrary code.
The weakness is introduced during the Architecture and Design and Implementation stages.
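
The cookie case described above, with the vulnerable check beside a hardened one, as an added example that is not part of the original entry. The cookie names `role` and `session`, the `|` separator, and the key are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed key for this example; a real service loads it from a secret store.
SERVER_KEY = b"constructed-demo-key"


def is_admin_vulnerable(cookies: dict) -> bool:
    """CWE-807 pattern: authorization rests on a value the client controls."""
    return cookies.get("role") == "admin"


def _tag(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session(user: str, role: str) -> dict:
    """Server side: bind user and role together under an HMAC tag."""
    if "|" in user or "|" in role:
        raise ValueError("field separator not allowed in user or role")
    payload = f"{user}|{role}"
    return {"session": f"{payload}|{_tag(payload)}"}


def is_admin_hardened(cookies: dict) -> bool:
    """Trust the role only when the tag shows the server issued it."""
    parts = cookies.get("session", "").split("|")
    if len(parts) != 3:
        return False  # missing or malformed cookie: fail closed
    user, role, tag = parts
    expected = _tag(f"{user}|{role}")
    # Constant-time comparison on bytes (also tolerates non-ASCII input).
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False
    return role == "admin"


if __name__ == "__main__":
    issued = issue_session("alice", "user")
    edited = {"session": issued["session"].replace("|user|", "|admin|")}
    print(is_admin_vulnerable({"role": "admin"}))  # client-set cookie is accepted
    print(is_admin_hardened(edited))               # edited cookie is rejected
    print(is_admin_hardened(issue_session("root", "admin")))
```

Keeping the role in server-side session state, looked up by a random session identifier, removes the client-held value from the decision altogether.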

