Categories
CWE | NAME | LAST 12M | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
---|---|---|---|---|---|---|---|
CWE-526 | Information Exposure Through Environmental Variables: Environmental variables may contain sensitive information about a remote server. | 0 | 1 | 0 | 0 | 1 | |
CWE-232 | Improper Handling of Undefined Values: The software does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name. | 0 | 1 | 0 | 0 | 1 | |
CWE-372 | Incomplete Internal State Distinction: The software does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner. | 0 | 1 | 0 | 0 | 1 | |
CWE-393 | Return of Wrong Status Code: A function or operation returns an incorrect return value or status code that does not indicate an error, but causes the product to modify its behavior based on the incorrect result. | 0 | 0 | 1 | 0 | 1 | |
CWE-278 | Insecure Preserved Inherited Permissions: A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement. | 0 | 0 | 1 | 0 | 1 | |
CWE-839 | Numeric Range Comparison Without Minimum Check: The program checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum. | 0 | 0 | 1 | 0 | 1 | |
CWE-473 | PHP External Variable Modification: A PHP application does not properly protect against the modification of variables from external sources, such as query parameters or cookies. This can expose the application to numerous weaknesses that would not exist otherwise. | 0 | 0 | 0 | 1 | 1 | |
CWE-612 | Information Exposure Through Indexing of Private Data: The product creates a search index of private or sensitive documents, but it does not properly limit index access to actors who are authorized to see the original information. | 0 | 1 | 0 | 0 | 1 | |
CWE-645 | Overly Restrictive Account Lockout Mechanism: The software contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny service to legitimate users by causing their accounts to be locked out. | 0 | 0 | 1 | 0 | 1 | |
CWE-836 | Use of Password Hash Instead of Password for Authentication: The software records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store. | 0 | 0 | 1 | 0 | 1 | |