
Description

The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-20
CWE-843

Consequences

Other: Varies by Context

Potential Mitigations

Phase: Implementation

Effectiveness: High

Description: 

CVE References

  • CVE-2008-2223
    • SQL injection through an ID that was supposed to be numeric.
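
The weakness described above, shown with the case from the CVE reference: an ID that was supposed to be numeric reaching a SQL query. This is an added example, not part of the CWE entry or of the affected product's code; the `items` table, the function names and the ID upper bound are assumptions.

```python
import sqlite3

MAX_ID = 2**31 - 1  # assumed upper bound for IDs in this sample schema


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [(1, "alpha"), (2, "beta"), (3, "gamma")])
    return db


def lookup_unvalidated(db, raw_id):
    """Weak form: the 'numeric' ID is never type-checked and is pasted into SQL."""
    query = "SELECT name FROM items WHERE id = " + raw_id
    return [row[0] for row in db.execute(query)]


def parse_numeric_id(raw_id):
    """Return raw_id as an int, or raise ValueError if it is not a plain numeric ID."""
    # isascii() and isdigit() together reject signs, whitespace, Unicode digits
    # such as superscripts, the empty string, and any trailing SQL text.
    if not isinstance(raw_id, str) or not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must consist of ASCII digits only")
    if len(raw_id) > 10:  # bound the length before converting
        raise ValueError("id too long")
    value = int(raw_id)
    if not 1 <= value <= MAX_ID:
        raise ValueError("id out of range")
    return value


def lookup_validated(db, raw_id):
    """Hardened form: validate the type first, then pass it as a bound parameter."""
    item_id = parse_numeric_id(raw_id)
    rows = db.execute("SELECT name FROM items WHERE id = ?", (item_id,))
    return [row[0] for row in rows]
```

The type check and the bound parameter are separate controls: the check rejects input that is not of the expected type, and the parameter keeps whatever value does pass from being interpreted as SQL.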