Lack of data validation
Description
The application does not control the the server side where you have permission to modify certain fields and allows the use of invalid data in some fields, for example, an ID composed of only letters.
Impact
Inject potentially malicious characters into application fields.
Recommendation
Validate on the server side the data types that are entered into different kind of fields in the application.
Threat
External attacker with access to the application.
Expected Remediation Time
⏱️ 30 minutes.
Score
Default score using CVSS 4.0. It may change depending on the context of the src.
Base 4.0
Attack vector
N
Attack complexity
L
Attack requirements
N
Privileges required
L
User interaction
N
Confidentiality (VC)
N
Integrity (VI)
L
Availability (VA)
N
Confidentiality (SC)
N
Integrity (SI)
N
Availability (SA)
N
Threat 4.0
Exploit maturity
X
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N