MASS ASSIGNMENT

Feature     Value
Type        Protection
Risk        Other
Covered by  Library

Software frameworks sometimes allow developers to automatically bind HTTP request parameters to program variables or objects, which makes the framework easier to use. This convenience can sometimes cause harm.

Attackers can sometimes abuse this binding by supplying new parameters that the developer never intended, which in turn creates or overwrites variables or objects in program code.

This is called a Mass Assignment vulnerability.
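The binding behaviour described above, next to an allowlist-based alternative, as an added example that is not part of the original page and does not reproduce any particular framework's code. The User model, its is_admin field, the helper names and the sample request are all hypothetical.

```python
from dataclasses import dataclass, fields


@dataclass
class User:
    username: str = ""
    email: str = ""
    is_admin: bool = False  # server-controlled; never meant to come from a request


def bind_all(obj, params):
    """Automatic binding: copy every request parameter that matches a field."""
    names = {f.name for f in fields(obj)}
    for key, value in params.items():
        if key in names:
            setattr(obj, key, value)
    return obj


def bind_allowed(obj, params, allowed):
    """Allowlist binding: copy only the named fields and report everything else."""
    rejected = sorted(k for k in params if k not in allowed)
    for key in allowed:
        if key in params:
            setattr(obj, key, params[key])
    return obj, rejected


# Constructed sample: parsed form body of a profile-update request that
# carries one parameter the profile form never offered.
SAMPLE_PARAMS = {"username": "alice", "email": "alice@example.com", "is_admin": "true"}
PROFILE_FIELDS = ("username", "email")  # the only fields this endpoint may change


def demo():
    unsafe = bind_all(User(), SAMPLE_PARAMS)
    safe, rejected = bind_allowed(User(), SAMPLE_PARAMS, PROFILE_FIELDS)
    return unsafe, safe, rejected


if __name__ == "__main__":
    unsafe, safe, rejected = demo()
    print("automatic binding -> is_admin =", repr(unsafe.is_admin))
    print("allowlist binding -> is_admin =", repr(safe.is_admin))
    print("rejected parameters (worth logging):", rejected)
```

The rejected list gives the application something to log or alert on when a request carries parameters the endpoint does not accept.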

More information

How to solve it