DerScanner
Home / Vulnerability Database / PHP : Mass assignment
PHP

PHP : Mass assignment

Classification

OWASP Top 10 2013
A1-Injection
OWASP Top 10 2017
A1-InjectionA5-Broken Access Control
OWASP Top 10 2021
A3-InjectionA1-Broken Access Control
OWASP ASVS
Validation, Sanitization and Encoding
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (c)(1)§164.312 (c)(2)
CWE
CWE-1027

Overview

The application uses a mass assignment. An attacker can specify the new value of an existing database column in the request and overwrite the existing value, and thus violate the integrity of the data or perform privilege escalation.

References

  1. OWASP Top 10 2017-A1-Injection
  2. OWASP Top 10 2017-A5-Broken Access Control
  3. Mass assignment - lavarel.com
  4. What does “Mass Assignment” mean in Laravel? - stackoverflow.com
  5. CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection
MEDIUM

DerScanner Severity Score

Do you want to fix PHP : Mass assignment in your application?

See also

PHP

PHP : Null salt

PHP

PHP : Empty password

PHP

PHP : Empty salt