
CWE-233 (Parameter Problems) — Vulnerability Class 20

20 vulnerabilities classified as CWE-233 (Parameter Problems). AI Chinese analysis included.

CWE-233 represents a critical input validation weakness where software fails to adequately manage scenarios involving missing, undefined, or incorrect numbers of parameters and arguments. Attackers typically exploit this vulnerability by manipulating request structures, omitting expected fields, or injecting unexpected arguments to trigger unhandled exceptions, cause application crashes, or bypass security controls. Such exploitation can lead to denial of service, information disclosure, or further code execution if the system defaults to unsafe behaviors when encountering malformed input. To mitigate this risk, developers must implement rigorous input validation that explicitly checks for the presence, type, and count of all expected parameters before processing. Utilizing strict schema validation, default value assignments, and comprehensive error handling ensures the application gracefully rejects malformed requests, thereby maintaining stability and preventing attackers from leveraging parameter inconsistencies to compromise system integrity.

MITRE CWE Description

The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.

Common Consequences (1)

Integrity: Unexpected State

Examples (1)
This Android application has registered to handle a URL when sent an intent:

    ...
    IntentFilter filter = new IntentFilter("com.example.URLHandler.openURL");
    UrlHandlerReceiver receiver = new UrlHandlerReceiver();
    registerReceiver(receiver, filter);
    ...

    public class UrlHandlerReceiver extends BroadcastReceiver {
        @Override
        public void onReceive(Context context, Intent intent) {
            if ("com.example.URLHandler.openURL".equals(intent.getAction())) {
                // The extra is read and dereferenced without checking that the
                // intent actually carried it; a missing "URLToOpen" yields null
                // and URL.length() throws a NullPointerException.
                String URL = intent.getStringExtra("URLToOpen");
                int length = URL.length();
                ...
            }
        }
    }

Bad · Java
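The mitigation described in the introduction (check presence, type and count of every expected parameter before processing, reject unexpected ones, apply safe defaults) and the failure in the Android example above (a dereference of an extra that was never sent) can be shown together with one small validator. This is an added example, not code from the page, from MITRE, or from any product listed below; the schema, the parameter names `URLToOpen` and `timeoutSeconds`, and the sample requests are constructed for illustration.

```python
"""Strict parameter validation for CWE-233: check the presence, type and
count of expected parameters before a handler touches them, so a missing or
undefined field is rejected up front instead of crashing deep in the code
(as the unchecked URL extra does in the Android example above).

Added example, not code from the page or from any product it lists; the
schema, field names and sample requests below are constructed.
"""
from dataclasses import dataclass
from typing import Any


class ParameterError(ValueError):
    """Raised when a request does not match its declared parameter schema."""


@dataclass(frozen=True)
class Param:
    name: str
    kind: type
    required: bool = True
    default: Any = None


class Schema:
    """Declares exactly which parameters a handler accepts."""

    def __init__(self, params, allow_extra=False):
        self.params = {p.name: p for p in params}
        self.allow_extra = allow_extra  # unexpected fields are rejected by default

    def validate(self, request: Any) -> dict:
        """Return a clean dict holding every declared parameter, or raise."""
        if not isinstance(request, dict):
            raise ParameterError("request body must be an object")
        problems = []
        clean = {}
        for name, p in self.params.items():
            # Absent and explicitly null are both "undefined" for our purposes.
            if name not in request or request[name] is None:
                if p.required:
                    problems.append(f"missing required parameter '{name}'")
                else:
                    clean[name] = p.default
                continue
            value = request[name]
            # bool is a subclass of int in Python, so reject it explicitly
            # unless the schema really asked for a bool.
            wrong_bool = isinstance(value, bool) and p.kind is not bool
            if wrong_bool or not isinstance(value, p.kind):
                problems.append(f"parameter '{name}' must be {p.kind.__name__}")
                continue
            clean[name] = value
        extra = sorted(set(request) - set(self.params))
        if extra and not self.allow_extra:
            problems.append(f"unexpected parameter(s): {', '.join(extra)}")
        if problems:
            raise ParameterError("; ".join(problems))
        return clean


# Constructed schema mirroring the URL handler: the URL is mandatory, the
# timeout is optional and falls back to a safe default.
OPEN_URL_SCHEMA = Schema([
    Param("URLToOpen", str),
    Param("timeoutSeconds", int, required=False, default=10),
])


def handle_open_url(extras: Any) -> tuple:
    """Validate first, then act. Returns ('ok', result) or ('rejected', reason)."""
    try:
        params = OPEN_URL_SCHEMA.validate(extras)
    except ParameterError as err:
        # Reject (and log) here; the handler never reaches len(url) on a None.
        return ("rejected", str(err))
    # Only now is it safe to use the parameters.
    return ("ok", {"url_length": len(params["URLToOpen"]),
                   "timeout": params["timeoutSeconds"]})


if __name__ == "__main__":
    for sample in (
        {"URLToOpen": "https://example.test/"},                   # well-formed
        {},                                                     # missing extra
        {"URLToOpen": None},                                    # undefined extra
        {"URLToOpen": 42},                                      # wrong type
        {"URLToOpen": "https://example.test/", "debug": True},  # unexpected extra
        ["https://example.test/"],                              # wrong shape
    ):
        print(sample, "->", handle_open_url(sample))
```

Running the block prints one line per constructed request; only the first is accepted, and each rejection names every problem found rather than stopping at the first, which is what makes the rejection useful in a log. Denying unexpected parameters by default is a deliberate choice: several entries in the table below concern handlers that accepted arguments they never expected.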
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2018-25233 | WebDrive 18.00.5057 Denial of Service via Secure WebDAV | WebDrive | 6.2 | Medium | 2026-03-30 |
| CVE-2026-2370 | Improper Handling of Parameters in GitLab | GitLab | 8.1 | High | 2026-03-29 |
| CVE-2023-20514 | AMD Secure Processor security vulnerability | AMD Radeon™ RX 6000 Series Graphics Products | 6.7 (AI) | Medium (AI) | 2026-02-11 |
| CVE-2025-55080 | Improper Parameter Check in ThreadX Syscall Implementation | ThreadX | 9.1 (AI) | Critical (AI) | 2025-10-15 |
| CVE-2025-55078 | Incomplete validation of kernel object pointers in system calls | ThreadX | 7.5 (AI) | High (AI) | 2025-10-14 |
| CVE-2025-52970 | Fortinet FortiWeb security vulnerability | FortiWeb | 7.7 | High | 2025-08-12 |
| CVE-2023-1419 | Debezium: script injection via connector parameter | Red Hat build of Debezium | 5.9 | Medium | 2024-11-17 |
| CVE-2024-9329 | Glassfish redirect to untrusted site | Glassfish | 6.1 | - | 2024-09-30 |
| CVE-2024-20306 | Cisco IOS XE Software security vulnerability | Cisco IOS XE Software | 6.0 | Medium | 2024-03-27 |
| CVE-2024-25979 | Msa-24-0002: forum search accepted random parameters in its url | | 5.3 | Medium | 2024-02-19 |
| CVE-2023-28898 | Head Unit Denial-of-Service via Apple CarPlay service | MIB3 Infotainment Unit | 5.3 | Medium | 2024-01-12 |
| CVE-2021-45478 | IDOR in Yordam Library Automation System | Library Automation System | 6.5 | Medium | 2023-03-02 |
| CVE-2021-45477 | IDOR in Yordam Library Automation System | Library Automation System | 6.5 | Medium | 2023-03-02 |
| CVE-2023-20076 | Cisco IOx Application Hosting Environment Command Injection Vulnerability | Cisco IOS | 7.2 | High | 2023-02-12 |
| CVE-2022-3697 | Ansible security vulnerability | ansible, ansible community.aws, ansible amazon.aws | 6.5 | - | 2022-10-28 |
| CVE-2022-32261 | Siemens SINEMA Remote Connect Server security vulnerability | SINEMA Remote Connect Server | 5.3 | Medium | 2022-06-14 |
| CVE-2022-22792 | MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters | eharmony | 6.6 | Medium | 2022-02-16 |
| CVE-2020-10069 | Zephyr Bluetooth unchecked packet data results in denial of service | zephyr | 4.3 | Medium | 2021-05-24 |
| CVE-2021-0269 | Junos OS: J-Web can be compromised through reflected client-side HTTP parameter pollution attacks. | Junos OS | 8.8 | High | 2021-04-22 |
| CVE-2021-1230 | Cisco Nexus 9000 Series Fabric Switches ACI Mode BGP Route Installation Denial of Service Vulnerability | Cisco NX-OS System Software in ACI Mode | 8.6 | High | 2021-02-24 |

(AI) marks a CVSS score or severity that the listing tags as AI-generated rather than taken from the vendor advisory; "-" means no severity was given.

Vulnerabilities classified as CWE-233 (Parameter Problems) represent 20 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.