CWE-683: Function Call With Incorrect Order of Arguments

Description

The product calls a function, procedure, or routine, but the caller specifies the arguments in an incorrect order, leading to resultant weaknesses.

Submission Date :

April 11, 2008, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE

Extended Description

While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers or types of arguments, such as format strings in C. It also can occur in languages or environments that do not enforce strong typing.

Example Vulnerable Codes

Example - 1

The following PHP method authenticates a user given a username/password combination but is called with the parameters in reverse order.


// // authenticate user// 
...
function authenticate($username, $password) {}authenticate($_POST['password'], $_POST['username']);

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-628: Function Call with Incorrectly Specified Arguments

Go to

Visit http://cwe.mitre.org/ for more details.