CWE-650
Trusting HTTP Permission Methods on the Server Side
The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks, since some applications allow GET to m…
Official CWE-650 definition at MITREImpactr finds and proves weaknesses like CWE-650 in your web apps and APIs - investigating, chaining, and validating each with a reproducible exploit.
Join the waitlist