Environment variable tampering occurs in a web application when it retrieves
data like parameters or headers from an incoming HTTP request and uses it to define
the variables.

Depending on the controlled variable, an attacker could
man-in-the-middle network requests or, in rare cases, achieve code execution.