Synopsis: An application was found that may use CGI parameters to control sensitive information.
Description: According to their names, some CGI parameters may control sensitive data (e.g., ID, privileges, commands, prices, credit card data, etc.). In the course of using an application, these variables may disclose sensitive data or be prone to tampering that could result in privilege escalation. These parameters should be examined to determine what type of data is controlled and if it poses a security risk.
** This plugin only reports information that may be useful for auditors
** or pen-testers, not a real flaw.
Solution: Ensure sensitive data is not disclosed by CGI parameters. In addition, do not use CGI parameters to control access to resources or privileges.
File Name: webapp_sensitive_cgi_parameters.nasl
Required KB Items: Settings/enable_web_app_tests
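The name-based review the description calls for can be run against an application's own request inventory. The following is an added example, not the plugin's code: the keyword sets, function names and sample URLs are assumptions made for illustration and are not the word list used by webapp_sensitive_cgi_parameters.nasl.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed keyword sets, one per category named in the description above.
# They are NOT the word list used by webapp_sensitive_cgi_parameters.nasl.
KEYWORDS = {
    "identifier": {"id", "uid", "user", "account"},
    "privilege": {"admin", "role", "priv", "privilege", "group", "level"},
    "command": {"cmd", "command", "exec"},
    "price": {"price", "amount", "total", "discount"},
    "card data": {"card", "cc", "ccnum", "cvv", "pan"},
}

def tokens(name):
    """Split a parameter name on camelCase and punctuation: userId -> {user, id}."""
    spaced = re.sub(r"([a-z0-9])([A-Z])", r"\1_\2", name)
    return {t for t in re.split(r"[^a-z0-9]+", spaced.lower()) if t}

def classify(name):
    """Return the sorted categories whose keywords appear as whole tokens."""
    found = tokens(name)
    return sorted(cat for cat, words in KEYWORDS.items() if found & words)

def audit(urls):
    """Map (path, parameter) -> categories for every flagged query parameter."""
    findings = {}
    for url in urls:
        parts = urlsplit(url)
        for name, _value in parse_qsl(parts.query, keep_blank_values=True):
            cats = classify(name)
            if cats:
                findings[(parts.path, name)] = cats
    return findings

# Constructed sample requests from a hypothetical application under review.
SAMPLE_URLS = [
    "https://shop.example/cart/checkout?item=42&price=19.99&sessionToken=abc",
    "https://shop.example/admin/users?userId=7&isAdmin=0",
    "https://shop.example/media?video=intro.mp4&valid=1",
    "https://shop.example/tools/run?cmd=status",
]

if __name__ == "__main__":
    for (path, name), cats in sorted(audit(SAMPLE_URLS).items()):
        print(f"{path}  {name}  ->  {', '.join(cats)}")
```

Matching on whole tokens keeps names such as `video` or `valid` from being flagged for containing `id`. Each hit is only a prompt to check whether the server re-derives or authorizes that value instead of trusting the request.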