CWE-15 - External Control of System or Configuration Setting
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
External Control of System or Configuration Setting
Description
One or more system settings or configuration elements can be externally controlled by a user.
Allowing external control of system settings can disrupt service or cause an application to behave in unexpected, and potentially malicious ways.
Common Consequences
Scope: Other
Impact: Varies by Context
Related Weaknesses
CWE-20Improper Input ValidationHigh
CWE-610Externally Controlled Reference to a Resource in Another Sphere