Improper Control of Generation of Code (‘Code Injection’)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-94: Improper Control of Generation of Code (‘Code Injection’) |
| OWASP | A03:2021 - Injection |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Accessing and invoking object methods dynamically, using non-static or user-provided values to select the method, can allow attackers to execute unauthorized functions. The risk arises when the method name comes from user input or other untrusted sources.
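The flagged pattern beside a hardened form, as an added example that is not part of the rule's own documentation. The page names no language, so JavaScript is assumed here, and `actions`, `dispatchUnsafe`, `dispatchSafe`, `ALLOWED` and `isRejected` are hypothetical names.

```javascript
// Hypothetical handlers object; all names here are constructed for this example.
const actions = {
  ping() { return 'pong'; },
  echo(arg) { return String(arg); },
};

// Flagged pattern: the method name comes straight from untrusted input.
// Property lookup walks the prototype chain, so names the developer never
// defined (inherited from Object.prototype) also resolve to callables.
function dispatchUnsafe(name, arg) {
  return actions[name](arg);
}

// Hardened form: an explicit allow-list held in a Map, which is keyed only
// by the entries placed in it and has no inherited members to fall through to.
const ALLOWED = new Map([
  ['ping', actions.ping],
  ['echo', actions.echo],
]);

function dispatchSafe(name, arg) {
  if (typeof name !== 'string') {
    throw new TypeError('action name must be a string');
  }
  const handler = ALLOWED.get(name);
  if (handler === undefined) {
    // Do not echo the untrusted name back in the error message.
    throw new RangeError('unknown action');
  }
  return handler(arg);
}

// Helper for checking behaviour: true when dispatchSafe refuses `name`.
function isRejected(name) {
  try {
    dispatchSafe(name);
    return false;
  } catch (e) {
    return e instanceof RangeError || e instanceof TypeError;
  }
}
```

With the unsafe dispatcher, a name such as `toString` resolves to an inherited method the application never registered; the allow-list version rejects every name that was not explicitly added.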
Impact
If exploited, an attacker could call arbitrary functions within your application, potentially leading to code execution, data leaks, or unauthorized actions. This can compromise the application’s integrity and expose sensitive data or functionality.