Vulnerability Details
Severity: Medium
Category: Web Application
Description
The application does not properly handle duplicate HTTP parameters, allowing attackers to inject additional parameters that override or supplement existing ones to bypass validation.
Risks
An attacker could bypass input validation, WAF rules, or access controls by supplying duplicate parameters that are processed differently by front-end and back-end components.
Remediation
Standardize parameter handling across all application layers. Reject requests with duplicate parameters. Use a consistent parameter parsing strategy. Validate parameters after all processing stages.