| Manipulating Web Input to File System Calls |
|
CWE-15
|
External Control of System or Configuration Setting
|
|
CWE-22
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
|
CWE-23
|
Relative Path Traversal
|
|
CWE-59
|
Improper Link Resolution Before File Access ('Link Following')
|
|
CWE-73
|
External Control of File Name or Path
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-77
|
Improper Neutralization of Special Elements used in a Command ('Command Injection')
|
|
CWE-264
|
Permissions, Privileges, and Access Controls
|
|
CWE-272
|
Least Privilege Violation
|
|
CWE-285
|
Improper Authorization
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-348
|
Use of Less Trusted Source
|
|
CWE-715
|
OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference
|
|
| Target Programs with Elevated Privileges |
|
CWE-15
|
External Control of System or Configuration Setting
|
|
CWE-250
|
Execution with Unnecessary Privileges
|
|
CWE-264
|
Permissions, Privileges, and Access Controls
|
|
| Using Malicious Files |
|
CWE-59
|
Improper Link Resolution Before File Access ('Link Following')
|
|
CWE-264
|
Permissions, Privileges, and Access Controls
|
|
CWE-270
|
Privilege Context Switching Error
|
|
CWE-272
|
Least Privilege Violation
|
|
CWE-275
|
Permission Issues
|
|
CWE-282
|
Improper Ownership Management
|
|
CWE-285
|
Improper Authorization
|
|
CWE-693
|
Protection Mechanism Failure
|
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|
|
| Restful Privilege Elevation |
|
CWE-264
|
Permissions, Privileges, and Access Controls
|
|
CWE-267
|
Privilege Defined With Unsafe Actions
|
|
CWE-269
|
Improper Privilege Management
|
|
| Leverage Executable Code in Non-Executable Files |
|
CWE-59
|
Improper Link Resolution Before File Access ('Link Following')
|
|
CWE-94
|
Improper Control of Generation of Code ('Code Injection')
|
|
CWE-95
|
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
|
|
CWE-96
|
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
|
|
CWE-97
|
Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
|
|
CWE-264
|
Permissions, Privileges, and Access Controls
|
|
CWE-270
|
Privilege Context Switching Error
|
|
CWE-272
|
Least Privilege Violation
|
|
CWE-275
|
Permission Issues
|
|
CWE-282
|
Improper Ownership Management
|
|
CWE-714
|
OWASP Top Ten 2007 Category A3 - Malicious File Execution
|
|