MVC Mass Assignment
Variants:
Direct
Also Known As:
Insecure Object Mapping
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any, MVC
Target Type:
Web Application
Affected Mechanisms:
Web Application Configuration, Secure Design
Invented In:
21/09/2008
Added In:
08/12/2014
Vector Operation Method:
Malicious inputs abusing the MVC autobinding feature can elevate attacker privileges and affect restricted server values
