CWE-472 137 個 CVE MITRE 定義 ↗

CWE-472:External Control of Assumed-Immutable Web Parameter

概覽

CWE-472(External Control of Assumed-Immutable Web Parameter)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Web Based Undetermined
technology Web Server Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-56877 2026-07-13 The SCORM lab launch endpoint in Skillable (scorm.skillable.com) through 2026-07-13 does not validate the client-supplied userId parameter against the authenticated SCORM session token. An authenticat…
CVE-2026-59817 2026-07-09 Ghost is a Node.js content management system. From 6.27.0 before 6.44.0, Ghost's public donation checkout flow allowed an unauthenticated attacker to control donation checkout metadata and obtain full…
CVE-2026-14430 2026-07-01 Integer overflow in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVE-2026-14391 2026-07-01 Integer overflow in ANGLE in Google Chrome on Windows prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process…
CVE-2026-14389 2026-07-01 Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…
CVE-2026-14387 2026-07-01 Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-14069 2026-06-30 Integer overflow in WebNN in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security …
CVE-2026-13974 2026-06-30 Integer overflow in Safe Browsing in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Medium)
CVE-2026-13938 2026-06-30 Integer overflow in Fonts in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-13841 2026-06-30 Integer overflow in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…
CVE-2026-13801 2026-06-30 Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…
CVE-2026-13796 2026-06-30 Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…
CVE-2026-13281 2026-06-25 Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chro…
CVE-2026-42655 2026-06-15 Unauthenticated Bypass Vulnerability in Best Payments Plugin for WP <= 4.6.19 versions.
CVE-2025-59382 2026-06-09 QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version:
CVE-2026-11678 2026-06-08 Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory v…
CVE-2026-11669 2026-06-08 Out of bounds read in Media in Google Chrome on ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from pro…
CVE-2026-11655 2026-06-08 Integer overflow in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML …
CVE-2026-11640 2026-06-08 Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. …
CVE-2026-11290 2026-06-04 Integer overflow in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to cause a denial of service via a malicious file. (Chromium security severity: Low)

曾用名

  • Web Parameter Tampering (2008-04-11)

內容提交

名稱
PLOVER
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Sean Eidemiller 1.0 added/updated demonstrative examples
2008-07-01 Eric Dalci 1.0 updated Potential_Mitigations, Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Description, Relationships, Other_Notes, Taxonomy_Mappings
2009-01-12 CWE Content Team 1.2 updated Relationships
2009-07-27 CWE Content Team 1.5 updated Potential_Mitigations
2009-10-29 CWE Content Team 1.6 updated Common_Consequences, Demonstrative_Examples, Description, Other_Notes, Relationship_Notes, Theoretical_Notes
2010-04-05 CWE Content Team 1.8.1 updated Related_Attack_Patterns
2010-12-13 CWE Content Team 1.11 updated Description
2011-03-29 CWE Content Team 1.12 updated Potential_Mitigations
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-06-27 CWE Content Team 2.0 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Demonstrative_Examples, References, Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships
2015-12-07 CWE Content Team 2.9 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, Relationships
2019-01-03 CWE Content Team 3.2 updated Related_Attack_Patterns
2019-06-20 CWE Content Team 3.3 updated Related_Attack_Patterns, Relationships
2020-02-24 CWE Content Team 4.0 updated Potential_Mitigations, Relationships
2020-06-25 CWE Content Team 4.1 updated Potential_Mitigations
2021-10-28 CWE Content Team 4.6 updated Relationships
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Relationships, Weakness_Ordinalities
cvelogic Threat Intelligence