| CAPEC | Related Weakness |
| Blind SQL Injection |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| CWE-209 | Generation of Error Message Containing Sensitive Information |
| CWE-697 | Incorrect Comparison |
| CWE-707 | Improper Neutralization |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| XQuery Injection |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-707 | Improper Neutralization |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Web Logs Tampering |
| CWE-20 | Improper Input Validation |
| CWE-75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) |
| CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') |
| CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
| CWE-116 | Improper Encoding or Escaping of Output |
| CWE-117 | Improper Output Neutralization for Logs |
| CWE-150 | Improper Neutralization of Escape, Meta, or Control Sequences |
| CWE-221 | Information Loss or Omission |
| CWE-276 | Incorrect Default Permissions |
| CWE-279 | Incorrect Execution-Assigned Permissions |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Log Injection-Tampering-Forging |
| CWE-75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) |
| CWE-117 | Improper Output Neutralization for Logs |
| CWE-150 | Improper Neutralization of Escape, Meta, or Control Sequences |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| OS Command Injection |
| CWE-20 | Improper Input Validation |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| CWE-88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') |
| CWE-697 | Incorrect Comparison |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| XPath Injection |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-91 | XML Injection (aka Blind XPath Injection) |
| CWE-707 | Improper Neutralization |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| HTTP Response Splitting |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') |
| CWE-697 | Incorrect Comparison |
| CWE-707 | Improper Neutralization |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Argument Injection |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| CWE-146 | Improper Neutralization of Expression/Command Delimiters |
| CWE-184 | Incomplete List of Disallowed Inputs |
| CWE-185 | Incorrect Regular Expression |
| CWE-697 | Incorrect Comparison |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Manipulating Writeable Configuration Files |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') |
| CWE-346 | Origin Validation Error |
| CWE-349 | Acceptance of Extraneous Untrusted Data With Trusted Data |
| CWE-353 | Missing Support for Integrity Check |
| CWE-354 | Improper Validation of Integrity Check Value |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| SQL Injection |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| CWE-697 | Incorrect Comparison |
| CWE-707 | Improper Neutralization |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Client-side Injection-induced Buffer Overflow |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-118 | Incorrect Access of Indexable Resource ('Range Error') |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| CWE-353 | Missing Support for Integrity Check |
| CWE-680 | Integer Overflow to Buffer Overflow |
| CWE-697 | Incorrect Comparison |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Command Delimiters |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') |
| CWE-138 | Improper Neutralization of Special Elements |
| CWE-140 | Improper Neutralization of Delimiters |
| CWE-146 | Improper Neutralization of Expression/Command Delimiters |
| CWE-154 | Improper Neutralization of Variable Name Delimiters |
| CWE-157 | Failure to Sanitize Paired Delimiters |
| CWE-184 | Incomplete List of Disallowed Inputs |
| CWE-185 | Incorrect Regular Expression |
| CWE-697 | Incorrect Comparison |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Using Meta-characters in E-mail Headers to Inject Malicious Payloads |
| CWE-88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') |
| CWE-150 | Improper Neutralization of Escape, Meta, or Control Sequences |
| CWE-697 | Incorrect Comparison |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Overflow Binary Resource File |
| CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| CWE-697 | Incorrect Comparison |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Server Side Include (SSI) Injection |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-97 | Improper Neutralization of Server-Side Includes (SSI) Within a Web Page |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| XML Injection |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-91 | XML Injection (aka Blind XPath Injection) |
| CWE-707 | Improper Neutralization |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
