CWE-628
Function Call with Incorrectly Specified Arguments
Description
The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.
{"xhtml:p":["There are multiple ways in which this weakness can be introduced, including:"],"xhtml:ul":[{"xhtml:li":["the wrong variable or reference;","an incorrect number of arguments;","incorrect order of arguments;","wrong type of arguments; or","wrong value."]}]}
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Quality Degradation, Gain Privileges or Assume Identity
Potential Mitigations
Once found, these issues are easy to fix. Use code inspection tools and relevant compiler features to identify potential violations. Pay special attention to code that is not likely to be exercised heavily during QA.
Make sure your API's are stable before you use them in production code.
CVE-2006-7049The method calls the functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions.
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now