CWE-991: SFP Secondary Cluster: Tainted Input to Environment

ID CWE-991

Status Incomplete

This category identifies Software Fault Patterns (SFPs) within the Tainted Input to Environment cluster (SFP27).

View		Weakness
# ID	Name	# ID	Name	Abstraction	Structure	Status
CWE-888	Software Fault Pattern (SFP) Clusters	CWE-114	Process Control	Class	Simple	Incomplete
CWE-888	Software Fault Pattern (SFP) Clusters	CWE-427	Uncontrolled Search Path Element	Base	Simple	Draft
CWE-888	Software Fault Pattern (SFP) Clusters	CWE-470	Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')	Base	Simple	Draft
CWE-888	Software Fault Pattern (SFP) Clusters	CWE-471	Modification of Assumed-Immutable Data (MAID)	Base	Simple	Draft
CWE-888	Software Fault Pattern (SFP) Clusters	CWE-472	External Control of Assumed-Immutable Web Parameter	Base	Simple	Draft
CWE-888	Software Fault Pattern (SFP) Clusters	CWE-473	PHP External Variable Modification	Variant	Simple	Draft
CWE-888	Software Fault Pattern (SFP) Clusters	CWE-494	Download of Code Without Integrity Check	Base	Simple	Draft
CWE-888	Software Fault Pattern (SFP) Clusters	CWE-622	Improper Validation of Function Hook Arguments	Variant	Simple	Draft
CWE-888	Software Fault Pattern (SFP) Clusters	CWE-673	External Influence of Sphere Definition	Class	Simple	Draft
CWE-888	Software Fault Pattern (SFP) Clusters	CWE-94	Improper Control of Generation of Code ('Code Injection')	Base	Simple	Draft