SFP Secondary Cluster: Tainted Input to Environment

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

This category identifies Software Fault Patterns (SFPs) within the Tainted Input to Environment cluster (SFP27).


Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

External Control of Assumed-Immutable Web Parameter

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

External Influence of Sphere Definition

The product does not prevent the definition of control spheres from external actors.

Improper Control of Generation of Code ('Code Injection')

The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutraliz...

Improper Validation of Function Hook Arguments

The product adds hooks to user-accessible API functions, but it does not properly validate the arguments. This could lead to resultant vulnerabilities.

Modification of Assumed-Immutable Data (MAID)

The software does not properly protect an assumed-immutable element from being modified by an attacker.

PHP External Variable Modification

A PHP application does not properly protect against the modification of variables from external sources, such as query parameters or cookies. This can expose the appli...

Process Control

Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) o...

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

The application uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper clas...


Software Fault Pattern (SFP) Clusters

CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).
