An high privileged remote attacker can access a hidden configuration method, that should not be accessible by any user, to modify critical program parameters. This can result in a total loss of confidentiality, integrity and availability.
Weakness
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/127.html
- https://cwe.mitre.org/data/definitions/143.html
- https://cwe.mitre.org/data/definitions/144.html
- https://cwe.mitre.org/data/definitions/668.html
- https://cwe.mitre.org/data/definitions/87.html