Weakness browsing - CVE-Search

CAPEC

Related Weakness

Leverage Executable Code in Non-Executable Files

CWE-59	Improper Link Resolution Before File Access ('Link Following')
CWE-94	Improper Control of Generation of Code ('Code Injection')
CWE-95	Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE-96	Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-97	Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
CWE-270	Privilege Context Switching Error
CWE-272	Least Privilege Violation
CWE-282	Improper Ownership Management

User-Controlled Filename

CWE-20	Improper Input Validation
CWE-86	Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96	Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116	Improper Encoding or Escaping of Output
CWE-184	Incomplete List of Disallowed Inputs
CWE-348	Use of Less Trusted Source
CWE-350	Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-697	Incorrect Comparison

Manipulating User-Controlled Variables

CWE-15	External Control of System or Configuration Setting
CWE-94	Improper Control of Generation of Code ('Code Injection')
CWE-96	Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-285	Improper Authorization
CWE-302	Authentication Bypass by Assumed-Immutable Data
CWE-473	PHP External Variable Modification
CWE-1321	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Web Server Logs Tampering

CWE-20	Improper Input Validation
CWE-75	Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CWE-93	Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-96	Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116	Improper Encoding or Escaping of Output
CWE-117	Improper Output Neutralization for Logs
CWE-150	Improper Neutralization of Escape, Meta, or Control Sequences
CWE-221	Information Loss or Omission
CWE-276	Incorrect Default Permissions
CWE-279	Incorrect Execution-Assigned Permissions

AJAX Footprinting

CWE-20	Improper Input Validation
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-86	Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96	Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-113	Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
CWE-116	Improper Encoding or Escaping of Output
CWE-184	Incomplete List of Disallowed Inputs
CWE-348	Use of Less Trusted Source
CWE-692	Incomplete Denylist to Cross-Site Scripting