CWE-566Authorization Bypass Through User-Controlled SQL Primary Key

PUBLISHEDweakness record
released 2006-07-19 · last modified 2025-12-11

Metadata

CWE ID:
CWE-566
摘要:
Variant
结构:
Simple
状态:
Incomplete
发布日期:
2006-07-19
更新日期:
2025-12-11

名称

Authorization Bypass Through User-Controlled SQL Primary Key

描述

The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor.

When a user can set a primary key to any value, then the user can modify the key to point to unauthorized records. Database access control errors occur when:

常见后果

范围:
Confidentiality, Integrity, Access Control
影响:
Read Application Data, Modify Application Data, Bypass Protection Mechanism

相关 CWE