CWE-683: Function Call With Incorrect Order of Arguments
Weakness ID: 683
The software calls a function, procedure, or routine, but the caller specifies the arguments in an incorrect order, leading to resultant weaknesses.
While this weakness might be caught by the compiler in some languages, it can occur more frequently in cases in which the called function accepts variable numbers or types of arguments, such as format strings in C. It also can occur in languages or environments that do not enforce strong typing.
Time of Introduction
Modes of Introduction
This problem typically occurs when the programmer makes a typo, or copy
and paste errors.
Technical Impact: Quality degradation
The following PHP method authenticates a user given a
username/password combination but is called with the parameters in reverse
Application calls functions with arguments in the
wrong order, allowing attacker to bypass intended access
Use the function, procedure, or routine as specified.
Because this function call often produces incorrect behavior it will
usually be detected during testing or normal operation of the software.
During testing exercise all possible control paths will typically expose
this weakness except in rare cases when the incorrect function call
accidentally produces the correct results or if the provided argument
type is very similar to the expected argument type.
the weakness exists independent of other weaknesses)