CWE-807 Reliance on Untrusted Inputs in a Security Decision
What this means
SiteShadow flagged a security decision being made using untrusted input (client-provided fields, headers, query params) without verification.
Why it matters
Trusting unverified input can enable bypasses and escalation.
- Authz bypass when "who are you?" or "are you admin?" comes from the client.
- Business logic abuse when decisions depend on client-sent totals, prices, or states.
- Often a root cause behind multiple higher-level issues (see CWE-501/B01).
Safer examples
1) Verify identity and roles server-side
Use server-validated sessions/tokens and load roles/permissions from the server.
2) Validate and allowlist inputs
Validate at the boundary and reject unexpected shapes (see CWE-20).
3) Recompute sensitive values server-side
Don't trust client totals/prices/state; recompute or verify with signatures (see A11).
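The three practices above combined in one checkout handler, next to the pattern they replace. This is an added example, not SiteShadow code; the session store, price table, header names and function names are hypothetical, and the sample data is constructed.

```python
from decimal import Decimal

# Server-side state (constructed sample data; names are hypothetical).
SESSIONS = {"tok-alice": {"user": "alice", "roles": {"customer"}},
            "tok-root": {"user": "root", "roles": {"customer", "admin"}}}
PRICES = {"sku-1": Decimal("19.99"), "sku-2": Decimal("5.00")}
ALLOWED_KEYS = {"items", "total", "discount_override"}


def checkout_insecure(headers, body):
    """Anti-pattern: role and total are taken from the client as-is."""
    is_admin = headers.get("X-Role") == "admin"
    total = Decimal(str(body["total"]))
    if body.get("discount_override") and is_admin:
        total = Decimal("0")
    return {"charged": total, "admin": is_admin}


def checkout_secure(headers, body):
    """Identity from a server session, allowlisted shape, recomputed total."""
    token = headers.get("Authorization", "").removeprefix("Bearer ")
    session = SESSIONS.get(token)
    if session is None:
        return {"error": "unauthenticated"}
    # 2) Validate at the boundary: reject unexpected keys and malformed items.
    if not isinstance(body, dict) or set(body) - ALLOWED_KEYS:
        return {"error": "invalid request"}
    items = body.get("items")
    if not isinstance(items, dict) or not items:
        return {"error": "invalid request"}
    for sku, qty in items.items():
        if sku not in PRICES or type(qty) is not int or not 1 <= qty <= 100:
            return {"error": "invalid request"}
    # 1) Roles come from the server-side session, never from a header.
    is_admin = "admin" in session["roles"]
    if body.get("discount_override") and not is_admin:
        return {"error": "forbidden"}
    # 3) Recompute the total from server prices; the client total is ignored.
    total = sum(PRICES[sku] * qty for sku, qty in items.items())
    if body.get("discount_override"):
        total = Decimal("0")
    return {"charged": total, "admin": is_admin}
```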
How SiteShadow detects it (high level)
- Identifies security decisions (auth, permissions, state) and checks whether the deciding values originate from untrusted sources.
- Flags missing verification/normalization around those values.
References
- CWE-807: https://cwe.mitre.org/data/definitions/807.html
---