General Information

MVC Mass Assignment

Variants:
Direct 

Also Known As:
Insecure Object Mapping

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any, MVC

Target Type:
Web Application

Affected Mechanisms:
Web Application Configuration, Secure Design

Invented In:
21/09/2008

Added In:
08/12/2014


Vector Operation Method:
Malicious inputs abusing the MVC autobinding feature can elevate attacker privileges and affect restricted server values


Direct Variant:

MVC Mass Assignment

Variant Title:
MVC Mass Assignment

Typical Severity:
Major

Learn More: