CWE-473: PHP External Variable Modification
high-riskA PHP application does not properly protect against the modification of variables from external sources, such as query parameters or cookies. This can expose the application to numerous weaknesses that would not exist otherwise.
Abstraction: Variant
Common Consequences
Integrity
→
Modify Application Data
Real-World Examples (4)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2023-36845 | 9.8 | 94.4% | Y |
| CVE-2023-36844 | 5.3 | 94.3% | Y |
| CVE-2026-28411 | 9.8 | 0.8% | — |
| CVE-2024-27489 | 7.5 | 0.1% | — |
53
/ 100
high-risk
Active Threat
30/50 · High
Exploit Availability
23/50 · Moderate