SFP Secondary Cluster: Tainted Input to Variable
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
This category identifies Software Fault Patterns (SFPs) within the Tainted Input to Variable cluster (SFP25).
Weaknesses
The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be contr...
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
One or more system settings or configuration elements can be externally controlled by a user.
The product initializes critical internal variables or data stores using inputs that can be modified by untrusted actors.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process th...
The PHP application uses an old method for processing uploaded files by referencing the four global variables that are set for each file (e.g. $varname, $varname_size,...
Assigning public data to a private array is equivalent to giving public access to the array.
The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive loo...
Concepts
CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).