DerScanner
Home / Vulnerability Database / PHP : Missing authorization
PHP

PHP : Missing authorization

Classification

OWASP Top 10 2017
A5-Broken Access Control
OWASP Top 10 2021
A1-Broken Access Control
OWASP ASVS
Error Handling and LoggingAccess ControlAccess ControlAccess ControlAccess Control
CWE
CWE-285CWE-306CWE-732CWE-862
CWE/SANS Top 25 2011
CWE-306CWE-732CWE-862
CWE/SANS Top 25 2021
CWE-306CWE-732CWE-862

Overview

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

When access control checks are not applied, this can lead to a wide range of problems, including information exposures, denial of service, and arbitrary code execution.

Missing authorization weaknesses may arise when a single-user application is ported to a multi-user environment.

References

  1. CWE-862: Missing Authorization
LOW

DerScanner Severity Score

Do you want to fix PHP : Missing authorization in your application?

See also

PHP

PHP : Null salt

PHP

PHP : Empty password

PHP

PHP : Empty salt