Web Application Potentially Sensitive CGI Parameter Detection

info Nessus Plugin ID 40773


An application was found that may use CGI parameters to control sensitive information.


According to their names, some CGI parameters may control sensitive data (e.g., ID, privileges, commands, prices, credit card data, etc.). In the course of using an application, these variables may disclose sensitive data or be prone to tampering that could result in privilege escalation. These parameters should be examined to determine what type of data is controlled and if it poses a security risk.

** This plugin only reports information that may be useful for auditors
** or pen-testers, not a real flaw.


Ensure sensitive data is not disclosed by CGI parameters. In addition, do not use CGI parameters to control access to resources or privileges.

Plugin Details

Severity: Info

ID: 40773

File Name: webapp_sensitive_cgi_parameters.nasl

Version: 1.12

Type: remote

Family: CGI abuses

Published: 8/25/2009

Updated: 1/19/2021

Vulnerability Information

Required KB Items: Settings/enable_web_app_tests