Expanding Control over the Operating System from the Database |
CWE-89
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
|
CWE-250
|
Execution with Unnecessary Privileges
|
|
Target Programs with Elevated Privileges |
CWE-15
|
External Control of System or Configuration Setting
|
CWE-250
|
Execution with Unnecessary Privileges
|
CWE-264
|
Permissions, Privileges, and Access Controls
|
|
Cross Zone Scripting |
CWE-20
|
Improper Input Validation
|
CWE-116
|
Improper Encoding or Escaping of Output
|
CWE-250
|
Execution with Unnecessary Privileges
|
CWE-285
|
Improper Authorization
|
CWE-638
|
Not Using Complete Mediation
|
|