Allowing External Setting Manipulation


Description

The application reads one or more of its settings from data an attacker controls (request parameters, hidden form fields, cookies, serialized objects in the request body) and applies them without validating the values or checking that the caller is authorized to change them. An attacker can then reconfigure the application at runtime, for example enabling debug mode or disabling a security control, and make it behave in ways its operators never intended.

Examples

  • Privileged administrative functions, such as pages that change configuration, are reachable by unprivileged or unauthenticated users.
  • The application takes user-controllable data to update its settings, for example:
    • Setting debug mode from a hidden field in the request, which any client can add or edit before sending the form.
    • Taking a serialized data object from the request and merging its contents into the settings, so the client chooses which keys are written and with what values.
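The two patterns in the last examples, shown as an added illustration that is not code from the original page: a handler that copies a hidden `debug` field and a serialized `config` object straight into the application settings, beside a hardened handler that only accepts allow-listed keys, validates each value, and requires administrative privilege for operational settings. All names (`DEFAULTS`, `User`, `SETTING_POLICY`, the handler functions) and the sample requests are constructed for this example.

```python
"""Added example (not from the original page): a settings handler that lets any
request rewrite application configuration, beside a hardened version.
All names and the sample requests are constructed for illustration."""
import json
from dataclasses import dataclass

# Application settings as they might sit in memory (constructed sample values).
DEFAULTS = {
    "debug": False,
    "upload_dir": "/srv/app/uploads",
    "theme": "light",
    "page_size": 25,
}


@dataclass
class User:
    name: str
    is_admin: bool = False


def vulnerable_update_settings(settings, form):
    """Copies request data straight into the settings.

    Both patterns from the text: a hidden 'debug' form field toggles debug
    mode, and a serialized 'config' object is merged wholesale. Nothing checks
    who sent the request or which keys it touches.
    """
    new = dict(settings)
    if "debug" in form:                         # hidden <input name="debug"> in the page
        new["debug"] = form["debug"] == "1"
    if "config" in form:                        # serialized object from the request body
        new.update(json.loads(form["config"]))  # arbitrary keys, arbitrary values
    return new


# Hardened version: every settable key is enumerated, typed, validated, and
# tagged with the privilege needed to change it. Anything else is rejected.
def _enum(allowed):
    def check(raw):
        if raw not in allowed:
            raise ValueError(f"value {raw!r} not in {sorted(allowed)}")
        return raw
    return check


def _int_range(lo, hi):
    def check(raw):
        value = int(raw)                        # ValueError on non-numeric input
        if not lo <= value <= hi:
            raise ValueError(f"{value} outside [{lo}, {hi}]")
        return value
    return check


def _flag(raw):
    if raw not in ("0", "1"):
        raise ValueError(f"flag must be '0' or '1', got {raw!r}")
    return raw == "1"


# key -> (validator, admin_only). Hypothetical policy for this example.
SETTING_POLICY = {
    "theme": (_enum({"light", "dark"}), False),
    "page_size": (_int_range(10, 100), False),
    # Operational settings: never toggled from a hidden field; admins only,
    # and still constrained to known values.
    "debug": (_flag, True),
    "upload_dir": (_enum({"/srv/app/uploads", "/srv/app/uploads-staging"}), True),
}


def update_settings(settings, form, user):
    """Applies only allow-listed keys, validated, and only with the right privilege.

    Raises ValueError for unknown keys or bad values and PermissionError when a
    non-admin tries to touch an operational setting. Serialized blobs are not
    accepted at all: a 'config' key is simply an unknown key.
    """
    new = dict(settings)
    for key, raw in form.items():
        if key not in SETTING_POLICY:
            raise ValueError(f"unknown setting {key!r}")
        validate, admin_only = SETTING_POLICY[key]
        if admin_only and not user.is_admin:
            raise PermissionError(f"{user.name} may not change {key!r}")
        new[key] = validate(raw)
    return new


if __name__ == "__main__":
    # Constructed request: an anonymous client flips debug mode and redirects uploads.
    attack = {"debug": "1", "config": json.dumps({"upload_dir": "/tmp/attacker"})}
    print(vulnerable_update_settings(DEFAULTS, attack))
    try:
        update_settings(DEFAULTS, attack, User("anon"))
    except (PermissionError, ValueError) as e:
        print("rejected:", e)
```

The hardened handler fails closed: a key that is not in the policy table is an error rather than being ignored, so a serialized object cannot smuggle in settings the form never exposed, and the privilege check runs per key, so a page meant for user preferences cannot double as an administrative console.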