CWE-994: SFP Secondary Cluster: Tainted Input to Variable
ID
CWE-994
Status
Incomplete
This category identifies Software Fault Patterns (SFPs) within the Tainted Input to Variable cluster (SFP25).
Relationships
| View | Weakness | ||||||
|---|---|---|---|---|---|---|---|
| # ID | Name | # ID | Name | Abstraction | Structure | Status | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-15 | External Control of System or Configuration Setting | Base | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-20 | Improper Input Validation | Class | Simple | Stable | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-454 | External Initialization of Trusted Variables or Data Stores | Base | Simple | Draft | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-496 | Public Data Assigned to Private Array-Typed Field | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-502 | Deserialization of Untrusted Data | Base | Simple | Draft | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-566 | Authorization Bypass Through User-Controlled SQL Primary Key | Variant | Simple | Incomplete | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-606 | Unchecked Input for Loop Condition | Base | Simple | Draft | |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE-616 | Incomplete Identification of Uploaded File Variables (PHP) | Variant | Simple | Incomplete | |
Loading...