CWE-472
External Control of Assumed-Immutable Web Parameter
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.
Official CWE-472 definition at MITREImpactr finds and proves weaknesses like CWE-472 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist