null>CWE-598 - Use of GET Request Method With Sensitive Query Strings
- Abstraction:Variant
- Structure:Simple
- Status:Draft
- Release Date:2006-12-15
- Latest Modification Date:2025-04-03
Weakness Name
Use of GET Request Method With Sensitive Query Strings
Description
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request.
Common Consequences
Scope: Confidentiality
Impact: Read Application Data
Notes: At a minimum, attackers can garner information from query strings that can be utilized in escalating their method of attack, such as information about the internal workings of the application or database column names. Successful exploitation of query string parameter vulnerabilities could lead to an attacker impersonating a legitimate user, obtaining proprietary data, or simply executing actions not intended by the application developers.