FOLLOW FLUID ATTACKS
The system does not properly check, on the server’s side, whether or not the
user has enough permissions to modify certain fields,
and/or allows them to use invalid data in some fields.
This is the basis for several types of injections.
R173. Discard unsafe inputs
R320. Avoid client-side control enforcement
R342. Validate request parameters
Corporate member of The OWASP Foundation
Copyright © 2021 Fluid Attacks, We hack your software. All rights reserved.