Description
The software does not properly restrict reading from or writing to dynamically-identified variables.
Many languages offer powerful features that allow the programmer to access arbitrary variables that are specified by an input string. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can modify unintended variables that have security implications.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit:
Related Weaknesses
Consequences
Integrity: Modify Application Data
An attacker could modify sensitive data or program variables.
Integrity: Execute Unauthorized Code or Commands
Other, Integrity: Varies by Context, Alter Execution Logic
Potential Mitigations
Phase: Implementation
Effectiveness:
Description:
For any externally-influenced input, check the input against an allowlist of internal program variables that are allowed to be modified.
Phase: Implementation, Architecture and Design
Effectiveness:
Description:
Refactor the code so that internal program variables do not need to be dynamically identified.
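Both mitigations applied to PHP's extract(), the function that several of the CVE references on this page involve. This is an added example, not code from the CWE entry or from any of the cited products; the function names, preference keys and sample request array are constructed for illustration.

```php
<?php
// Constructed sample input standing in for $_GET / $_POST.
$request = ['theme' => 'dark', 'is_admin' => '1', 'lang' => '../../etc'];

// Weak pattern: every request key becomes a local variable, so a
// caller-supplied 'is_admin' replaces the security-relevant default.
function load_prefs_unsafe(array $input): array
{
    $is_admin = false;
    $theme    = 'light';
    extract($input);   // default flag is EXTR_OVERWRITE
    return ['theme' => $theme, 'is_admin' => $is_admin];
}

// Allowlist of names that external input may set, with the values
// accepted for each (hypothetical preference names).
const ALLOWED_PREFS = [
    'theme' => ['light', 'dark'],
    'lang'  => ['en', 'de'],
];

// Hardened pattern: no variable is created from an input name. Only
// allowlisted keys are read, each value is validated, and the result
// stays in a plain array instead of the local symbol table.
function load_prefs_allowlisted(array $input): array
{
    $prefs = ['theme' => 'light', 'lang' => 'en'];
    foreach (ALLOWED_PREFS as $name => $validValues) {
        if (isset($input[$name])
            && is_string($input[$name])
            && in_array($input[$name], $validValues, true)) {
            $prefs[$name] = $input[$name];
        }
    }
    // Privilege state is decided server-side, never taken from the request.
    $prefs['is_admin'] = false;
    return $prefs;
}

var_dump(load_prefs_unsafe($request));
var_dump(load_prefs_allowlisted($request));
```

In the first dump `is_admin` carries the request's value; in the second it keeps the server-side default and the invalid `lang` value is ignored.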
CVE References
- CVE-2006-7135: extract issue enables file inclusion
- CVE-2006-7079: extract used for register_globals compatibility layer, enables path traversal
- CVE-2007-0649: extract() buried in include files makes post-disclosure analysis confusing; original report had seemed incorrect.
- CVE-2006-6661: extract() enables static code injection
- CVE-2006-2828: import_request_variables() buried in include files makes post-disclosure analysis confusing
- CVE-2009-0422: Chain: Dynamic variable evaluation allows resultant remote file inclusion and path traversal.
- CVE-2007-2431: Chain: dynamic variable evaluation in PHP program used to modify critical, unexpected $_SERVER variable for resultant XSS.
- CVE-2006-4904: Chain: dynamic variable evaluation in PHP program used to conduct remote file inclusion.
- CVE-2006-4019: Dynamic variable evaluation in mail program allows reading and modifying attachments and preferences of other users.