Use of externally-controlled input to select classes or code

Severity
High

Use of unsanitized external input in reflection to determine which class to instantiate or which method to invoke is dangerous. An attacker could create unintended control flow paths to bypass authentication or access control checks, or even inject malicious code.
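
The following is an added example, not code from the detector's documentation. It contrasts a reflective lookup driven directly by input with a fixed allowlist. The class names, the Command interface and the sample input are hypothetical and constructed for illustration.

```java
import java.util.Map;
import java.util.function.Supplier;

public class ReflectionAllowlistExample {

    // Hypothetical command types, defined here only for this example.
    interface Command { String run(); }
    static class StatusCommand implements Command { public String run() { return "status: ok"; } }
    static class VersionCommand implements Command { public String run() { return "version: 1.0"; } }
    // A sensitive class that must never be selectable from request input.
    static class AdminResetCommand implements Command { public String run() { return "admin reset done"; } }

    // Noncompliant: the caller-supplied string decides which class is loaded and instantiated.
    static Command createUnsafe(String className) throws ReflectiveOperationException {
        return (Command) Class.forName(className).getDeclaredConstructor().newInstance();
    }

    // Compliant: input is only a lookup key into a fixed allowlist; it never reaches reflection.
    private static final Map<String, Supplier<Command>> ALLOWED = Map.of(
            "status", StatusCommand::new,
            "version", VersionCommand::new);

    static Command createSafe(String name) {
        // Map.of(...) maps throw on a null key, so treat null as "not allowed".
        Supplier<Command> factory = (name == null) ? null : ALLOWED.get(name);
        if (factory == null) {
            throw new IllegalArgumentException("Unknown command");
        }
        return factory.get();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value standing in for an externally supplied parameter.
        String requested = "ReflectionAllowlistExample$AdminResetCommand";

        // The unsafe path instantiates whatever class name was supplied.
        System.out.println(createUnsafe(requested).run());

        // The safe path rejects anything outside the allowlist.
        try {
            createSafe(requested);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println(createSafe("status").run());
    }
}
```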

Detector ID
java/unsafe-reflection@v1.0
Category
Common Weakness Enumeration (CWE)