Categories

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

Weaknesses in this category are typically found within source code.

This entry has been deprecated because it was a duplicate of CWE-908. All content has been transferred to CWE-908.

The software operates in an environment in which power is a limited resource that cannot be automatically replenished, but the software does not properly restrict the amount of power that its operation consumes.

The application generates a query intended to access or manipulate data in a data store such as a database, but it does not neutralize or incorrectly neutralizes special elements that can modify the intended logic of the query.

The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

The software does not neutralize or incorrectly neutralizes invalid characters or byte sequences in the middle of tag names, URI schemes, and other identifiers.

The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.

The software does not properly protect an assumed-immutable element from being modified by an attacker.

Environmental variables may contain sensitive information about a remote server.