CAPEC Related Weakness
Manipulating Web Input to File System Calls
CWE-15External Control of System or Configuration Setting
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23Relative Path Traversal
CWE-59Improper Link Resolution Before File Access ('Link Following')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-264Permissions, Privileges, and Access Controls
CWE-272Least Privilege Violation
CWE-285Improper Authorization
CWE-346Origin Validation Error
CWE-348Use of Less Trusted Source
CWE-715OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference
Manipulate Registry Information
CWE-15External Control of System or Configuration Setting
Modification of Registry Run Keys
CWE-15External Control of System or Configuration Setting
XML Schema Poisoning
CWE-15External Control of System or Configuration Setting
CWE-472External Control of Assumed-Immutable Web Parameter
Configuration/Environment Manipulation
CWE-15External Control of System or Configuration Setting
Target Programs with Elevated Privileges
CWE-15External Control of System or Configuration Setting
CWE-250Execution with Unnecessary Privileges
CWE-264Permissions, Privileges, and Access Controls
Subverting Environment Variable Values
CWE-15External Control of System or Configuration Setting
CWE-20Improper Input Validation
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-200Exposure of Sensitive Information to an Unauthorized Actor
CWE-285Improper Authorization
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-353Missing Support for Integrity Check
Schema Poisoning
CWE-15External Control of System or Configuration Setting
Manipulating User-Controlled Variables
CWE-15External Control of System or Configuration Setting
CWE-94Improper Control of Generation of Code ('Code Injection')
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-285Improper Authorization
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-473PHP External Variable Modification
Back to Top