| CAPEC | Related Weakness |
| Manipulating Web Input to File System Calls |
| CWE-15 | External Control of System or Configuration Setting |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CWE-23 | Relative Path Traversal |
| CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| CWE-73 | External Control of File Name or Path |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| CWE-264 | Permissions, Privileges, and Access Controls |
| CWE-272 | Least Privilege Violation |
| CWE-285 | Improper Authorization |
| CWE-346 | Origin Validation Error |
| CWE-348 | Use of Less Trusted Source |
| CWE-715 | OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference |
|
| Command Injection |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
|
| Manipulating Writeable Configuration Files |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') |
| CWE-346 | Origin Validation Error |
| CWE-349 | Acceptance of Extraneous Untrusted Data With Trusted Data |
| CWE-353 | Missing Support for Integrity Check |
| CWE-354 | Improper Validation of Integrity Check Value |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| LDAP Injection |
| CWE-20 | Improper Input Validation |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| CWE-90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
|
| Command Delimiters |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') |
| CWE-138 | Improper Neutralization of Special Elements |
| CWE-140 | Improper Neutralization of Delimiters |
| CWE-146 | Improper Neutralization of Expression/Command Delimiters |
| CWE-154 | Improper Neutralization of Variable Name Delimiters |
| CWE-157 | Failure to Sanitize Paired Delimiters |
| CWE-184 | Incomplete List of Disallowed Inputs |
| CWE-185 | Incorrect Regular Expression |
| CWE-697 | Incorrect Comparison |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| IMAP/SMTP Command Injection |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
|
| Manipulating Writeable Terminal Devices |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
|
| Exploiting Multiple Input Interpretation Layers |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CWE-179 | Incorrect Behavior Order: Early Validation |
| CWE-181 | Incorrect Behavior Order: Validate Before Filter |
| CWE-183 | Permissive List of Allowed Inputs |
| CWE-184 | Incomplete List of Disallowed Inputs |
| CWE-697 | Incorrect Comparison |
| CWE-707 | Improper Neutralization |
|
