Attackers manipulate the settings of the system to cause the application to behave in unexpected ways.
NOTE: The title was originally from http://www.cve.mitre.org/ and was intended to be used for a vulnerability. We believe this title is more appropriate for an attack. The corresponding vulnerability is Allowing External Setting Manipulation
- An application takes a user-controllable parameter in the HTTP request to decide whether to turn on the debug mode.
- The serialized object that stores the current system status can be overwritten by user input.