CWE-698
Execution After Redirect (EAR)
Description
The web application sends a redirect to another location, but instead of exiting, it executes additional code.
Top Monitored CVEs
Consequences
Other, Confidentiality, Integrity, Availability
—
Alter Execution Logic, Execute Unauthorized Code or Commands
This weakness could affect the control flow of the application and allow execution of untrusted code.
Detection
Black Box
This issue might not be detected if testing is performed using a web browser, because the browser might obey the redirect and move the user to a different page before the application has produced outputs that indicate something is amiss.