CWE-627: Dynamic Variable Evaluation

VariantIncomplete

In a language where the user can influence the name of a variable at runtime, if the variable names are not controlled, an attacker can read or write to arbitrary variables, or access arbitrary functions.

View on MITRE

Back to CWE Lookup

Extended Description

The resultant vulnerabilities depend on the behavior of the application, both at the crossover point and in any control/data flow that is reachable by the related variables or functions.

Technical Details

Structure: Simple

Applicable To

Languages

PHPPerl

Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-627

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references