Lack of data validation - Type confusion
Description
A field is interpreted on the server-side, although it indicates that it only accepts numbers, it allows values in the form 0xff.
Impact
- Get internal information about the operation of the system. - Inject code and get it interpreted by the server.
Recommendation
Validate on the server-side the data types that are entered but prevent them from being interpreted.
Threat
Authorized user from intranet.
Expected Remediation Time
⏱️ 30 minutes.