CWE-372
Incomplete Internal State Distinction
The product does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner.
Official CWE-372 definition at MITREImpactr finds and proves weaknesses like CWE-372 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist