CAPEC Related Weakness
Manipulating Web Input to File System Calls
CWE-15 External Control of System or Configuration Setting
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23 Relative Path Traversal
CWE-59 Improper Link Resolution Before File Access ('Link Following')
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-264 Permissions, Privileges, and Access Controls
CWE-272 Least Privilege Violation
CWE-285 Improper Authorization
CWE-346 Origin Validation Error
CWE-348 Use of Less Trusted Source
CWE-715 OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference
Using UTF-8 Encoding to Bypass Validation Logic
CWE-20 Improper Input Validation
CWE-21
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-692 Incomplete Denylist to Cross-Site Scripting
CWE-697 Incorrect Comparison
Leverage Alternate Encoding
CWE-20 Improper Input Validation
CWE-21
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-692 Incomplete Denylist to Cross-Site Scripting
CWE-697 Incorrect Comparison
URL Encoding
CWE-20 Improper Input Validation
CWE-21
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-177 Improper Handling of URL Encoding (Hex Encoding)
Using Escaped Slashes in Alternate Encoding
CWE-20 Improper Input Validation
CWE-21
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
Subverting Environment Variable Values
CWE-15 External Control of System or Configuration Setting
CWE-20 Improper Input Validation
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-285 Improper Authorization
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-353 Missing Support for Integrity Check
Using Slashes and URL Encoding Combined to Bypass Validation Logic
CWE-20 Improper Input Validation
CWE-21
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-172 Encoding Error
CWE-173 Improper Handling of Alternate Encoding
CWE-177 Improper Handling of URL Encoding (Hex Encoding)
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization
Using Slashes in Alternate Encoding
CWE-20 Improper Input Validation
CWE-21
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-173 Improper Handling of Alternate Encoding
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize
CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-185 Incorrect Regular Expression
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-697 Incorrect Comparison
CWE-707 Improper Neutralization