VYPR

CWE-914

Improper Control of Dynamically-Identified Variables

BaseIncomplete

Description

The product does not properly restrict reading from or writing to dynamically-identified variables.

Many languages offer powerful features that allow the programmer to access arbitrary variables that are specified by an input string. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can modify unintended variables that have security implications.

Hierarchy (View 1000)

CVEs mapped to this weakness (5)

  • CVE-2024-54198HigDec 10, 2024
    risk 0.55cvss 8.5epss 0.01

    In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited…

  • CVE-2026-35173MedApr 6, 2026
    risk 0.42cvss 6.5epss 0.00

    Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions (Edit Post, Edit Draft, Edit Own Post, Edit Own Draft) to modify posts they do not own and…

  • CVE-2025-14085MedDec 5, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is…

  • CVE-2025-14051MedDec 4, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be…

  • CVE-2023-33175May 30, 2023
    risk 0.00cvss epss 0.01

    ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use `Website.user_vars` property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in…