SYM_RB_0041 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Incorrect Default Permissions

| Property | Value |
|---|---|
| Language | ruby |
| Severity | medium |
| CWE | CWE-276: Incorrect Default Permissions |
| OWASP | A01:2021 - Broken Access Control |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |

Description

The code uses user-supplied input (such as query parameters or cookies) to choose which session key is read or written. This lets an attacker control which session entries are accessed, potentially exposing or manipulating sensitive session information.

Impact

If exploited, an attacker could read or overwrite session values, leading to unauthorized access, privilege escalation, or bypassing security checks like authentication and CSRF protection. This can compromise user accounts and the overall security of the application.
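The following Ruby example is added here to illustrate the pattern the Description and Impact sections describe; it is not code from the Symbiotic Vulnerability Database or from any project it indexes. It stands the request-controlled session lookup next to a hardened version that only permits a fixed allowlist of keys, and includes a check a reviewer can run to confirm that security-relevant session entries are no longer reachable through request input. The `session` and `params` hashes, the `SAMPLE_SESSION` contents, and the `PREFERENCE_KEYS` allowlist are constructed for the example; no web framework is needed to run it.

```ruby
# Added example (not part of the wiki page): a simulated controller action
# that lets request input choose the session key, beside a hardened version
# that restricts the key to an explicit allowlist.
#
# `session` and `params` are plain Hashes standing in for the Rack session
# and request parameters, so this runs without a web framework.

# Constructed session state, as a framework would populate it after login.
SAMPLE_SESSION = {
  "user_id"     => 42,
  "_csrf_token" => "constructed-token-value",
  "ui_theme"    => "dark",
  "locale"      => "en"
}.freeze

# Vulnerable pattern (the issue described on the page): the key used to read
# and write session data comes straight from the request, so every session
# entry, including authentication and CSRF state, is addressable by the client.
def read_preference_vulnerable(session, params)
  session[params["name"]]
end

def write_preference_vulnerable(session, params)
  session[params["name"]] = params["value"]
  session
end

# Hardened pattern: the request may only select among preference keys the
# application explicitly exposes; anything else is rejected before it touches
# the session, and written values are normalised to a String.
PREFERENCE_KEYS = %w[ui_theme locale].freeze

class DisallowedSessionKey < StandardError; end

def allowed_preference_key!(name)
  key = name.to_s
  unless PREFERENCE_KEYS.include?(key)
    raise DisallowedSessionKey, "not a preference key: #{key.inspect}"
  end
  key
end

def read_preference_safe(session, params)
  session[allowed_preference_key!(params["name"])]
end

def write_preference_safe(session, params)
  key = allowed_preference_key!(params["name"])
  session[key] = params["value"].to_s
  session
end

# Review/test helper: is the given session key reachable through the
# request-controlled reader? A disallowed-key rejection counts as unreachable.
def reachable_via_request?(reader, session, key)
  !reader.call(session, { "name" => key }).nil?
rescue DisallowedSessionKey
  false
end

if $PROGRAM_NAME == __FILE__
  session = SAMPLE_SESSION.dup
  puts "vulnerable reader exposes user_id: " \
       "#{reachable_via_request?(method(:read_preference_vulnerable), session, 'user_id')}"
  puts "hardened reader exposes user_id:   " \
       "#{reachable_via_request?(method(:read_preference_safe), session, 'user_id')}"
end
```

The allowlist is the essential fix: the request still picks a preference, but only from names the application chose in advance, so authentication and CSRF entries in the same session store can never be selected by a client-supplied string. The `reachable_via_request?` helper is the kind of assertion worth keeping in a test suite, since it fails loudly if someone later reintroduces a `session[params[...]]` lookup.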