| Expanding Control over the Operating System from the Database |
|
CWE-89
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
|
|
CWE-250
|
Execution with Unnecessary Privileges
|
|
| Target Programs with Elevated Privileges |
|
CWE-15
|
External Control of System or Configuration Setting
|
|
CWE-250
|
Execution with Unnecessary Privileges
|
|
CWE-264
|
Permissions, Privileges, and Access Controls
|
|
| Cross Zone Scripting |
|
CWE-20
|
Improper Input Validation
|
|
CWE-116
|
Improper Encoding or Escaping of Output
|
|
CWE-250
|
Execution with Unnecessary Privileges
|
|
CWE-285
|
Improper Authorization
|
|
CWE-638
|
Not Using Complete Mediation
|
|