CAPEC Related Weakness
Blind SQL Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-209Generation of Error Message Containing Sensitive Information
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
XQuery Injection
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-707Improper Neutralization
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Postfix, Null Terminate, and Backslash
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-158Improper Neutralization of Null Byte or NUL Character
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
Generic Cross-Browser Cross-Domain Theft
CWE-149Improper Neutralization of Quoting Syntax
CWE-177Improper Handling of URL Encoding (Hex Encoding)
CWE-707Improper Neutralization
CWE-838Inappropriate Encoding for Output Context
Web Services Protocol Manipulation
CWE-707Improper Neutralization
XPath Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-91XML Injection (aka Blind XPath Injection)
CWE-707Improper Neutralization
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
HTTP Response Splitting
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Using Slashes and URL Encoding Combined to Bypass Validation Logic
CWE-20Improper Input Validation
CWE-21DEPRECATED: Pathname Traversal and Equivalence Errors
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-177Improper Handling of URL Encoding (Hex Encoding)
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
Embedding NULL Bytes
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-158Improper Neutralization of Null Byte or NUL Character
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
Using Escaped Slashes in Alternate Encoding
CWE-20Improper Input Validation
CWE-21DEPRECATED: Pathname Traversal and Equivalence Errors
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
SOAP Manipulation
CWE-707Improper Neutralization
HTTP Request Smuggling
CWE-436Interpretation Conflict
CWE-444Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
CWE-707Improper Neutralization
SQL Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Using Slashes in Alternate Encoding
CWE-20Improper Input Validation
CWE-21DEPRECATED: Pathname Traversal and Equivalence Errors
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-173Improper Handling of Alternate Encoding
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-185Incorrect Regular Expression
CWE-200Exposure of Sensitive Information to an Unauthorized Actor
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
Inter-component Protocol Manipulation
CWE-707Improper Neutralization
XML Injection
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-91XML Injection (aka Blind XPath Injection)
CWE-707Improper Neutralization
CWE-713OWASP Top Ten 2007 Category A2 - Injection Flaws
Data Interchange Protocol Manipulation
CWE-707Improper Neutralization
Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CWE-20Improper Input Validation
CWE-41Improper Resolution of Path Equivalence
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-172Encoding Error
CWE-173Improper Handling of Alternate Encoding
CWE-179Incorrect Behavior Order: Early Validation
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-183Permissive List of Allowed Inputs
CWE-184Incomplete List of Disallowed Inputs
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
Exploiting Multiple Input Interpretation Layers
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-171DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
CWE-179Incorrect Behavior Order: Early Validation
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-183Permissive List of Allowed Inputs
CWE-184Incomplete List of Disallowed Inputs
CWE-697Incorrect Comparison
CWE-707Improper Neutralization
Back to Top