SFP Secondary Cluster: Tainted Input to Variable

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

This category identifies Software Fault Patterns (SFPs) within the Tainted Input to Variable cluster (SFP25).

Weaknesses

Authorization Bypass Through User-Controlled SQL Primary Key

The software uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be cont...

Deserialization of Untrusted Data

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

External Control of System or Configuration Setting

One or more system settings or configuration elements can be externally controlled by a user.

External Initialization of Trusted Variables or Data Stores

The software initializes critical internal variables or data stores using inputs that can be modified by untrusted actors.

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process th...

Incomplete Identification of Uploaded File Variables (PHP)

The PHP application uses an old method for processing uploaded files by referencing the four global variables that are set for each file (e.g. $varname, $varname_size,...

Public Data Assigned to Private Array-Typed Field

Assigning public data to a private array is equivalent to giving public access to the array.

Unchecked Input for Loop Condition

The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive loo...

Concepts

Software Fault Pattern (SFP) Clusters

CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.