CWE-233
AllowedImproper Handling of Parameters
Abstraction: Base · Status: Incomplete
The product does not properly handle when the expected number of parameters, fields, or arguments is not provided in input, or if those parameters are undefined.
51 vulnerabilities reference this CWE, most recent first.
GHSA-XXFG-PM66-VC8J
Vulnerability from github – Published: 2022-11-12 12:00 – Updated: 2025-05-01 15:31Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter.
{
"affected": [],
"aliases": [
"CVE-2022-45182"
],
"database_specific": {
"cwe_ids": [
"CWE-233"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-11T20:15:00Z",
"severity": "CRITICAL"
},
"details": "Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter.",
"id": "GHSA-xxfg-pm66-vc8j",
"modified": "2025-05-01T15:31:31Z",
"published": "2022-11-12T12:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45182"
},
{
"type": "WEB",
"url": "https://github.com/AndyTaylorTweet/Pi-Star_DV_Dash/issues/169"
},
{
"type": "WEB",
"url": "https://github.com/AndyTaylorTweet/Pi-Star_DV_Dash/commit/0ad7d00210fc2c0eb7073e5ed429ac265ccfebbd"
},
{
"type": "WEB",
"url": "https://github.com/AndyTaylorTweet/Pi-Star_DV_Dash/commit/1e46533f4051648bc40478d99201f19241bbaa41"
},
{
"type": "WEB",
"url": "https://github.com/AndyTaylorTweet/Pi-Star_DV_Dash/commit/5aa194df3dfc92cc21f6604bbda32268f4a624ce"
},
{
"type": "WEB",
"url": "https://www.pistar.uk"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-39: Manipulating Opaque Client-based Data Tokens
In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth) that data can be manipulated. If client or server-side application components reinterpret that data as authentication tokens or data (such as store item pricing or wallet information) then even opaquely manipulating that data may bear fruit for an Attacker. In this pattern an attacker undermines the assumption that client side tokens have been adequately protected from tampering through use of encryption or obfuscation.