CWE-566
Authorization Bypass Through User-Controlled SQL Primary Key
The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor.
Official CWE-566 definition at MITREImpactr finds and proves weaknesses like CWE-566 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist