CWE-472 (External Control of Assumed-Immutable Web Parameter) weakness class: summary of 131 CVE vulnerabilities, with AI-generated analysis in Chinese.
CWE-472 refers to external control of a web parameter that the application assumes to be immutable. Attackers commonly modify hidden form fields, cookies, or URL parameters to tamper with key data that was supposed to stay fixed. Developers should avoid relying on client-supplied data, strictly validate every input on the server side, and make sure business logic is never driven by user-controllable parameters, so that such data cannot be maliciously modified.
```java
// Vulnerable pattern (context such as `request`, `User` and `getUserFromID` is assumed):
// accountID arrives from a hidden form field and is trusted as fixed without any server-side validation.
String accountID = request.getParameter("accountID");
User user = getUserFromID(Long.parseLong(accountID));
```
`<input type="hidden"`

| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2021-1290 | Multiple Cisco products security vulnerability — Cisco Small Business RV Series Router Firmware | 9.8 | Critical | 2021-02-04 |
| CVE-2021-1291 | Multiple Cisco products security vulnerability — Cisco Small Business RV Series Router Firmware | 9.8 | Critical | 2021-02-04 |
| CVE-2021-1292 | Multiple Cisco products authorization vulnerability — Cisco Small Business RV Series Router Firmware | 9.8 | Critical | 2021-02-04 |
| CVE-2021-1293 | Multiple Cisco products authorization vulnerability — Cisco Small Business RV Series Router Firmware | 9.8 | Critical | 2021-02-04 |
| CVE-2021-1294 | Multiple Cisco products authorization vulnerability — Cisco Small Business RV Series Router Firmware | 9.8 | Critical | 2021-02-04 |
| CVE-2021-1295 | Cisco Small Business security vulnerability — Cisco Small Business RV Series Router Firmware | 9.8 | Critical | 2021-02-04 |
| CVE-2021-1289 | Multiple Cisco products authorization vulnerability — Cisco Small Business RV Series Router Firmware | 9.8 | Critical | 2021-02-04 |
| CVE-2020-1765 | Open-source Ticket Request System security vulnerability — ((OTRS)) Community Edition | 3.5 | Low | 2020-01-10 |
| CVE-2019-13927 | Siemens Desigo PX security vulnerability — Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 | 8.2 | - | 2019-12-12 |
| CVE-2017-5260 | Cambium Networks cnPilot security vulnerability — cnPilot | 8.8 | - | 2017-12-20 |
| CVE-2017-5261 | Cambium Networks cnPilot Web administrative console path traversal vulnerability — cnPilot | 8.1 | - | 2017-12-20 |
CWE-472 (External Control of Assumed-Immutable Web Parameter) is a common weakness category; this platform has collected 131 CVE vulnerabilities associated with it.