CWE-425Direct Request ('Forced Browsing')

PUBLISHEDweakness record
released 2006-07-19 · last modified 2026-04-30
CWE-425 - Direct Request ('Forced Browsing') - Diagram

Metadata

CWE ID:
CWE-425
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2006-07-19
更新日期:
2026-04-30

名称

Direct Request ('Forced Browsing')

描述

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

常见后果

范围:
Confidentiality, Integrity, Availability, Access Control
影响:
Read Application Data, Modify Application Data, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity

相关 CWE