SYM_JSTS_0099 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Control of Generation of Code ('Code Injection')
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-94: Improper Control of Generation of Code ('Code Injection') |
OWASP | A03:2021 - Injection |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
Accessing and invoking object methods dynamically using non-static or user-provided values can allow attackers to execute unauthorized functions. This is risky if the method name comes from user input or other untrusted sources.
Impact
If exploited, an attacker could call arbitrary functions within your application, potentially leading to code execution, data leaks, or unauthorized actions. This can compromise the application's integrity and expose sensitive data or functionality.
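The pattern from the description next to a hardened form, as an added example that is not part of the rule's own documentation. The handler table `actions` and the functions `dispatchUnsafe`, `dispatchSafe` and `resolvable` are hypothetical names constructed for illustration.

```javascript
// Constructed handler table for illustration; all names are hypothetical.
const actions = {
  greet: (name) => `hello ${name}`,
  ping: () => "pong",
};

// Flagged pattern: the method name comes straight from the caller.
// Bracket lookup walks the prototype chain, so inherited names such as
// "constructor" or "toString" also resolve to callable functions that
// the application never meant to expose.
function dispatchUnsafe(action, arg) {
  return actions[action](arg);
}

// Hardened form: an explicit allowlist held in a Map. Map keys are not
// looked up on a prototype chain, so only the listed names can resolve.
const ALLOWED = new Map([
  ["greet", actions.greet],
  ["ping", actions.ping],
]);

function dispatchSafe(action, arg) {
  if (typeof action !== "string" || !ALLOWED.has(action)) {
    throw new RangeError("unknown action");
  }
  return ALLOWED.get(action)(arg);
}

// For review or unit tests: report which requested names each
// dispatcher would resolve to something callable.
function resolvable(names) {
  return names.map((name) => ({
    name,
    unsafe: typeof actions[name] === "function",
    safe: ALLOWED.has(name),
  }));
}

// Constructed sample input: two intended names, two inherited ones.
console.log(resolvable(["greet", "ping", "constructor", "toString"]));
```
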