CWE-914: Improper Control of Dynamically-Identified Variables

BaseIncomplete

The product does not properly restrict reading from or writing to dynamically-identified variables.

View on MITRE
Back to CWE Lookup

Extended Description

Many languages offer powerful features that allow the programmer to access arbitrary variables that are specified by an input string. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can modify unintended variables that have security implications.

Technical Details

Structure
Simple

Applicable To

Languages
Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-914

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references