CWE-661: Weaknesses in Software Written in PHP
ID
CWE-661
Type
Implicit
Status
Draft
This view (slice) covers issues that are found in PHP programs that are not common to all languages.
Relationships
| Type | # ID | Name | Abstraction | Structure | Status | |
|---|---|---|---|---|---|---|
| Weakness | CWE-1024 | Comparison of Incompatible Types | Base | Simple | Incomplete | |
| Weakness | CWE-1336 | Improper Neutralization of Special Elements Used in a Template Engine | Base | Simple | Incomplete | |
| Weakness | CWE-209 | Generation of Error Message Containing Sensitive Information | Base | Simple | Draft | |
| Weakness | CWE-211 | Externally-Generated Error Message Containing Sensitive Information | Base | Simple | Incomplete | |
| Weakness | CWE-434 | Unrestricted Upload of File with Dangerous Type | Base | Simple | Draft | |
| Weakness | CWE-453 | Insecure Default Variable Initialization | Variant | Simple | Draft | |
| Weakness | CWE-454 | External Initialization of Trusted Variables or Data Stores | Base | Simple | Draft | |
| Weakness | CWE-457 | Use of Uninitialized Variable | Variant | Simple | Draft | |
| Weakness | CWE-470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | Base | Simple | Draft | |
| Weakness | CWE-473 | PHP External Variable Modification | Variant | Simple | Draft | |
| Weakness | CWE-474 | Use of Function with Inconsistent Implementations | Base | Simple | Draft | |
| Weakness | CWE-484 | Omitted Break Statement in Switch | Base | Simple | Draft | |
| Weakness | CWE-502 | Deserialization of Untrusted Data | Base | Simple | Draft | |
| Weakness | CWE-595 | Comparison of Object References Instead of Object Contents | Variant | Simple | Incomplete | |
| Weakness | CWE-616 | Incomplete Identification of Uploaded File Variables (PHP) | Variant | Simple | Incomplete | |
| Weakness | CWE-621 | Variable Extraction Error | Variant | Simple | Incomplete | |
| Weakness | CWE-624 | Executable Regular Expression Error | Base | Simple | Incomplete | |
| Weakness | CWE-625 | Permissive Regular Expression | Base | Simple | Draft | |
| Weakness | CWE-626 | Null Byte Interaction Error (Poison Null Byte) | Variant | Simple | Draft | |
| Weakness | CWE-627 | Dynamic Variable Evaluation | Variant | Simple | Incomplete | |
| Weakness | CWE-88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') | Base | Simple | Draft | |
| Weakness | CWE-915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes | Base | Simple | Incomplete | |
| Weakness | CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | Variant | Simple | Incomplete | |
| Weakness | CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | Base | Simple | Draft | |
| Weakness | CWE-98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | Variant | Simple | Draft |
Loading...