2 vulnerabilities classified as CWE-473 (PHP External Variable Modification). AI Chinese analysis included.
CWE-473 is a critical input validation weakness in PHP applications in which developers fail to properly restrict or sanitize variables that originate from external sources such as query parameters, cookies, or POST data. Attackers typically exploit it by injecting malicious payloads or manipulating expected variable values, bypassing intended application logic and potentially triggering secondary flaws such as SQL injection or cross-site scripting. To mitigate this risk, developers must explicitly initialize all variables before use and strictly validate incoming data against a whitelist of acceptable formats. Avoiding the behavior of PHP's deprecated register_globals setting, implementing robust input filtering functions, and adhering to the principle of least privilege ensure that external inputs cannot unexpectedly overwrite internal state, preserving application integrity and preventing unauthorized code execution or data manipulation.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-36845 | Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable — Junos OS | 9.8 | Critical | 2023-08-17 |
| CVE-2023-36844 | Junos OS: EX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control important environment variables — Junos OS | 5.3 | Medium | 2023-08-17 |
2 CVEs are classified as CWE-473 (PHP External Variable Modification). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.