CWE-473— PHP External Variable Modification
A PHP application does not properly protect against the modification of variables from external sources, such as query parameters or cookies. This can expose the application to numerous weaknesses that would not exist otherwise.— MITRE CWE catalog
4 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-473page 1 of 1
- CVE-2023-36844MEDIUMCVSS 5.3EG 9.0⚠ KEV2023-08-17
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attack…
- CVE-2023-36845CRITICALCVSS 9.8EG 9.8⚠ KEV2023-08-17
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the va…
- CVE-2024-27489HIGHCVSS 7.5EG 7.52024-07-19
An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request.
- CVE-2026-40285HIGHCVSS 8.8EG 8.82026-04-17
WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpf_usuario POST parameter overwrites the session-stored user identity via extract($_RE…
Map vulnerabilities like CWE-473 to your infrastructure
EchelonGraph correlates every CVE — across CWE-473 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →