DerScanner
Home / Vulnerability Database / C-sharp : Setting manipulation
C#

C-sharp : Setting manipulation

Classification

OWASP Top 10 2013
A1-Injection
OWASP Top 10 2017
A1-Injection
OWASP Top 10 2021
A3-Injection
PCI DSS 4.0
6.2.4
CWE
CWE-15CWE-1027

Overview

System Settings are set based on the data from an untrusted source (user input). This allows an attacker to unpredictably change the behavior of the application or disrupt its work.

The setting manipulation attack aims to modify application settings in order to cause misleading data or advantages on the attacker’s behalf. The attacker manipulate values in the system and manage specific user resources of the application or affect its functionalities.

References

  1. OWASP Top 10 2017-A1-Injection
  2. CWE-15: External Control of System or Configuration Setting
  3. OWASP: Setting Manipulation
  4. CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection
MEDIUM

DerScanner Severity Score

Do you want to fix C-sharp : Setting manipulation in your application?

See also

C#

C-sharp : JWT: None Algorithm

C#

C-sharp : Insecure data transmission: Database

C#

C-sharp : Only one of method Equals() and GetHashCode() defined