CWE-627
Dynamic Variable Evaluation
In a language where the user can influence the name of a variable at runtime, if the variable names are not controlled, an attacker can read or write to arbitrary variables, or access arbitrary functions.
Official CWE-627 definition at MITREImpactr finds and proves weaknesses like CWE-627 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist