CWE-566: Authorization Bypass Through User-Controlled SQL Primary Key
ID
CWE-566
Abstraction
Variant
Structure
Simple
Status
Incomplete
Number of CVEs
2
The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor.
When a user can set a primary key to any value, then the user can modify the key to point to unauthorized records.
Database access control errors occur when:
- Data enters a program from an untrusted source.
- The data is used to specify the value of a primary key in a SQL query.
- The untrusted source does not have the permissions to be able to access all rows in the associated table.
Modes of Introduction
Phase | Note |
---|---|
Architecture and Design | COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic. |
Implementation |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Technology | Database Server |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...