| CAPEC | Related Weakness |
| Manipulating Web Input to File System Calls |
| CWE-15 | External Control of System or Configuration Setting |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CWE-23 | Relative Path Traversal |
| CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| CWE-73 | External Control of File Name or Path |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| CWE-264 | Permissions, Privileges, and Access Controls |
| CWE-272 | Least Privilege Violation |
| CWE-285 | Improper Authorization |
| CWE-346 | Origin Validation Error |
| CWE-348 | Use of Less Trusted Source |
| CWE-715 | OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference |
|
| Leverage Executable Code in Non-Executable Files |
| CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| CWE-94 | Improper Control of Generation of Code ('Code Injection') |
| CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') |
| CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
| CWE-97 | Improper Neutralization of Server-Side Includes (SSI) Within a Web Page |
| CWE-264 | Permissions, Privileges, and Access Controls |
| CWE-270 | Privilege Context Switching Error |
| CWE-272 | Least Privilege Violation |
| CWE-275 | Permission Issues |
| CWE-282 | Improper Ownership Management |
| CWE-714 | OWASP Top Ten 2007 Category A3 - Malicious File Execution |
|
| Using Malicious Files |
| CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| CWE-264 | Permissions, Privileges, and Access Controls |
| CWE-270 | Privilege Context Switching Error |
| CWE-272 | Least Privilege Violation |
| CWE-275 | Permission Issues |
| CWE-282 | Improper Ownership Management |
| CWE-285 | Improper Authorization |
| CWE-693 | Protection Mechanism Failure |
| CWE-732 | Incorrect Permission Assignment for Critical Resource |
|
| Target Programs with Elevated Privileges |
| CWE-15 | External Control of System or Configuration Setting |
| CWE-250 | Execution with Unnecessary Privileges |
| CWE-264 | Permissions, Privileges, and Access Controls |
|
| Restful Privilege Elevation |
| CWE-264 | Permissions, Privileges, and Access Controls |
| CWE-267 | Privilege Defined With Unsafe Actions |
| CWE-269 | Improper Privilege Management |
|
