
CWE-807 (Reliance on Untrusted Inputs in a Security Decision) — Vulnerability Class 58

58 vulnerabilities classified as CWE-807 (Reliance on Untrusted Inputs in a Security Decision). AI-generated Chinese analysis included.

CWE-807 represents a critical security weakness where a system’s protective mechanisms depend on untrusted inputs that attackers can manipulate to bypass defenses. This flaw typically arises when developers erroneously assume that client-side data, such as cookies, environment variables, or hidden form fields, remain immutable and trustworthy. Attackers exploit this vulnerability by modifying these inputs using customized clients or other interception techniques, effectively tricking the application into granting unauthorized access or executing privileged actions. To mitigate this risk, developers must never rely on client-side validation for security decisions. Instead, they should enforce strict server-side validation, implement robust authentication and authorization checks independent of user-supplied data, and treat all external inputs as potentially hostile. By decoupling security logic from untrusted sources, organizations can prevent attackers from circumventing protective measures through simple input tampering.

MITRE CWE Description
The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism. Developers may assume that inputs such as cookies, environment variables, and hidden form fields cannot be modified. However, an attacker could change these inputs using customized clients or other attacks. This change might not be detected. When security decisions such as authentication and authorization are made based on the values of these inputs, attackers can bypass the security of the software. Without sufficient encryption, integrity checking, or other mechanism, any input that originates from an outsider cannot be trusted.
Common Consequences (1)
Scope: Confidentiality, Access Control, Availability, Other
Technical Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity, Varies by Context
Attackers can bypass the security decision to access whatever is being protected. The consequences will depend on the associated functionality, but they can range from granting additional privileges to untrusted users to bypassing important security checks. Ultimately, this weakness may lead to expo…
Mitigations (5)
Phase: Architecture and Design. Store state information and sensitive data on the server side only. Ensure that the system definitively and unambiguously keeps track of its own state and user state and has rules defined for legitimate state transitions. Do not allow any application user to affect state directly in any way other than through legitimate actions leading to state transitions. If information must be stored on the cli…
Phase: Architecture and Design. Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. With a stateless protocol such as HTTP, use a framework that maintains the state for you. Examples include ASP.NET View State [REF-756] and the OWASP ESAPI Session Management feature [REF-45]. Be careful of language features that provide state support, since …
Phase: Architecture and Design. For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Phases: Operation, Implementation. When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues.
Phases: Architecture and Design, Implementation. Understand all the potential areas where untrusted inputs can enter your software: parameters or arguments, cookies, anything read from the network, environment variables, reverse DNS lookups, query results, request headers, URL components, e-mail, files, filenames, databases, and any external systems that provide data to the application. Remember that such inputs may be obtained indirectly throug…
Examples (2)
The following code excerpt reads a value from a browser cookie to determine the role of the user.
    String userRole = null;
    Cookie[] cookies = request.getCookies();
    if (cookies != null) {  // getCookies() returns null when the request carries no cookies
        for (int i = 0; i < cookies.length; i++) {
            Cookie c = cookies[i];
            // The "role" cookie is written by the client, so trusting it here is the CWE-807 flaw
            if (c.getName().equals("role")) {
                userRole = c.getValue();
            }
        }
    }
Bad · Java
The following code could be for a medical records application. It performs authentication by checking if a cookie has been set.
    // The PHP superglobal is $_COOKIE; the original excerpt misspelled it as $_COOKIES
    $auth = $_COOKIE['authenticated'] ?? false;
    if (!$auth) {
        if (AuthenticateUser($_POST['user'], $_POST['password']) == "success") {
            // save the cookie to send out in future responses
            setcookie("authenticated", "1", time() + 60*60*2);
        } else {
            ShowLoginScreen();
            die("\n");
        }
    }
    // Reached whenever the client presents authenticated=1, whether or not it ever logged in
    DisplayMedicalHistory($_POST['patient_ID']);
Bad · PHP
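Both excerpts make the same mistake: the role (Java) and the authenticated flag (PHP) are read straight from a client-writable cookie. The following is an added Python example, not code from the page or from MITRE, that puts the CWE-807 pattern beside two of the listed mitigations: keeping state server-side behind an opaque session id, and integrity-checking a cookie value with an HMAC when it must travel to the client. The session store, secret key and cookie headers are constructed for the demonstration.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Constructed server-side session store: the only source of truth for who a
# request belongs to and what role they hold (assumed data, not from the page).
SESSIONS = {"s7f3a": {"user": "alice", "role": "patient", "authenticated": True}}
SECRET = b"constructed-demo-key"  # per-deployment secret; never sent to the client


def _cookies(header: str) -> dict:
    """Parse a raw Cookie header into a name -> value dict."""
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}


def role_unsafe(cookie_header: str) -> str:
    """CWE-807, as in the page's Java excerpt: the role is whatever the client says."""
    return _cookies(cookie_header).get("role", "anonymous")


def role_from_session(cookie_header: str) -> str:
    """Mitigation: the cookie carries only an opaque session id; role and the
    authenticated flag (the PHP excerpt's check) are looked up server-side."""
    sess = SESSIONS.get(_cookies(cookie_header).get("sid", ""))
    if not sess or not sess.get("authenticated"):
        return "anonymous"
    return sess["role"]


def sign(value: str) -> str:
    """Integrity-protected cookie value: value plus an HMAC-SHA256 tag."""
    tag = hmac.new(SECRET, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def role_from_signed(cookie_header: str) -> str:
    """If the role must ride in a cookie, accept it only when the tag verifies;
    a missing, malformed or forged tag degrades to 'anonymous'."""
    raw = _cookies(cookie_header).get("role", "")
    value, _, _tag = raw.rpartition(".")
    if not value or not hmac.compare_digest(sign(value).encode(), raw.encode()):
        return "anonymous"
    return value
```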
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2025-11271 | Easy Digital Download <= 3.5.2 - Insufficient Verification to Order Manipulation | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 5.3 | Medium | 2025-11-06
CVE-2025-53717 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | Windows 11 version 22H2 | 7.0 | High | 2025-10-14
CVE-2025-59152 | X-Forwarded-For Header Spoofing Bypasses Litestar Rate Limiting | litestar | 7.5 | High | 2025-10-06
CVE-2025-53882 | The logrotate configuration in the python-mailman of openSUSE allows the mailman user to send SIGHUP to arbitrary process | openSUSE Tumbleweed | 4.4 | Medium | 2025-07-23
CVE-2024-13974 | Sophos Firewall security vulnerability | Sophos Firewall | 8.1 | High | 2025-07-21
CVE-2025-49827 | Conjur OSS and Secrets Manager, Self-Hosted (formerly Conjur Enterprise) Vulnerable to Bypass of IAM Authenticator | conjur | 8.2 (AI-estimated) | High (AI-estimated) | 2025-07-15
CVE-2024-55354 | Lucee security vulnerability | Lucee Server | 8.8 | High | 2025-04-08
CVE-2025-0117 | GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App | 7.8 | - | 2025-03-12
CVE-2025-1969 | Request approval spoofing in Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center | Temporary Elevated Access Management (TEAM) for AWS IAM Identity Center | 4.3 | Medium | 2025-03-04
CVE-2025-1126 | Lexmark has identified a vulnerability in our Lexmark Print Management Client (LPMC). | Lexmark Print Management Client | 9.3 | Critical | 2025-02-11
CVE-2025-24369 | Anubis has a bot protection bypass when a sophisticated attacker asks to pass a challenge of difficulty 0 | x | 4.9 | - | 2025-01-27
CVE-2024-9310 | Traffic Alert and Collision Avoidance System (TCAS) II has a Reliance on Untrusted Inputs in a Security Decision vulnerability | Collision Avoidance Systems | 6.5 | - | 2025-01-22
CVE-2024-45654 | IBM Security ReaQta improper input validation | Security ReaQta | 4.3 | Medium | 2025-01-19
CVE-2024-11146 | TrueFiling authorization bypass via user-controlled keys | TrueFiling | 6.3 | Medium | 2025-01-17
CVE-2024-47254 | 2N Access Commander security vulnerability | 2N Access Commander | 6.3 | Medium | 2024-11-05
CVE-2024-51561 | Authentication bypass Vulnerability in Aero | Aero | 6.8 (AI-estimated) | Medium (AI-estimated) | 2024-11-04
CVE-2024-21510 | Sinatra security vulnerability | sinatra | 5.4 | Medium | 2024-11-01
CVE-2024-5754 | BT: Encryption procedure host vulnerability | Zephyr | 8.2 | High | 2024-09-13
CVE-2024-29039 | Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state | tpm2-tools | 9.1 | Critical | 2024-06-28
CVE-2023-46686 | Gallagher Command Centre security vulnerability | Command Centre Diagnostics Service | 5.5 | Medium | 2023-12-18
CVE-2022-24400 | DCK pinning attack in TETRA | TETRA Standard | 7.5 | High | 2023-10-19
CVE-2023-0009 | GlobalProtect App: Local Privilege Escalation (PE) Vulnerability | GlobalProtect App | 7.8 | High | 2023-06-14
CVE-2022-20744 | Cisco Firepower Management Center Software Information Disclosure Vulnerability | Cisco Firepower Management Center | 6.5 | - | 2022-05-03
CVE-2021-36777 | login-proxy sends password to attacker-provided domain | Build service | 8.1 | High | 2022-03-09
CVE-2021-31999 | Rancher: Privilege escalation vulnerability via malicious Connection header | Rancher | 8.8 | High | 2021-07-15
CVE-2021-29479 | Cached redirect poisoning via X-Forwarded-Host header | ratpack | 7.0 | High | 2021-06-29
CVE-2020-5252 | Malicious package may avoid detection in python auditing | safety | 5.0 | Medium | 2020-03-23
CVE-2017-0887 | Nextcloud Server security vulnerability | Nextcloud Server | 2.7 | - | 2017-04-05

Vulnerabilities classified as CWE-807 (Reliance on Untrusted Inputs in a Security Decision) represent 58 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.