SYM_CS_0007 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improperly Controlled Modification of Dynamically-Determined Object Attributes
| Property | Value |
|---|---|
| Language | csharp |
| Severity | |
| CWE | CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes |
| OWASP | A08:2021 - Software and Data Integrity Failures |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
This vulnerability occurs when user input is automatically bound to object properties without restricting which fields can be set. Attackers can supply unexpected parameters to modify sensitive or unintended fields in your models.
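The pattern described above, shown beside a hardened form. This is an added example, not code from the rule or its database: `UserAccount`, `ProfileUpdateDto`, `BindDirect` and `BindViaDto` are hypothetical names, the request body is constructed, and `System.Text.Json` deserialization stands in for framework model binding so the program runs as a plain console app.

```csharp
using System;
using System.Text.Json;

// Hypothetical domain entity: IsAdmin must never be client-controlled.
public class UserAccount
{
    public string DisplayName { get; set; } = "";
    public string Email { get; set; } = "";
    public bool IsAdmin { get; set; }
}

// Hypothetical input model: only the fields a profile form may change.
public class ProfileUpdateDto
{
    public string DisplayName { get; set; } = "";
    public string Email { get; set; } = "";
}

public static class Program
{
    static readonly JsonSerializerOptions Options = new() { PropertyNameCaseInsensitive = true };

    // Vulnerable: the request body is bound straight onto the entity,
    // so every settable property is reachable from user input.
    public static UserAccount BindDirect(string body) =>
        JsonSerializer.Deserialize<UserAccount>(body, Options)!;

    // Hardened: bind to the DTO, then copy the allowed fields explicitly.
    // Unknown JSON members are ignored by System.Text.Json by default.
    public static UserAccount BindViaDto(UserAccount existing, string body)
    {
        var dto = JsonSerializer.Deserialize<ProfileUpdateDto>(body, Options)!;
        existing.DisplayName = dto.DisplayName;
        existing.Email = dto.Email;
        return existing;
    }

    public static void Main()
    {
        // Constructed request body carrying one parameter the form never offers.
        const string body = "{\"displayName\":\"Alice\",\"email\":\"alice@example.test\",\"isAdmin\":true}";

        var direct = BindDirect(body);
        var safe = BindViaDto(new UserAccount(), body);

        Console.WriteLine($"direct bind: IsAdmin={direct.IsAdmin}");
        Console.WriteLine($"DTO bind:    IsAdmin={safe.IsAdmin}");
    }
}
```

In an ASP.NET controller the same separation applies: accept the DTO as the action parameter and map it onto the persisted entity, rather than accepting the entity type itself.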
Impact
If exploited, an attacker could manipulate or overwrite protected data fields, escalate privileges, or change critical application settings by sending extra parameters. This can lead to unauthorized access, data tampering, or loss of data integrity.