CWE-526 Information Exposure Through Environmental Variables
Environmental variables may contain sensitive information about a remote server.
0 1 0 0 1
CWE-232 Improper Handling of Undefined Values
The software does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.
0 1 0 0 1
CWE-372 Incomplete Internal State Distinction
The software does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner.
0 1 0 0 1
CWE-393 Return of Wrong Status Code
A function or operation returns an incorrect return value or status code that does not indicate an error, but causes the product to modify its behavior based on the incorrect result.
0 0 1 0 1
CWE-278 Insecure Preserved Inherited Permissions
A product inherits a set of insecure permissions for an object, e.g. when copying from an archive file, without user awareness or involvement.
0 0 1 0 1
CWE-839 Numeric Range Comparison Without Minimum Check
The program checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum.
0 0 1 0 1
CWE-473 PHP External Variable Modification
A PHP application does not properly protect against the modification of variables from external sources, such as query parameters or cookies. This can expose the application to numerous weaknesses that would not exist otherwise.
0 0 0 1 1
CWE-612 Information Exposure Through Indexing of Private Data
The product creates a search index of private or sensitive documents, but it does not properly limit index access to actors who are authorized to see the original information.
0 1 0 0 1
CWE-645 Overly Restrictive Account Lockout Mechanism
The software contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny service to legitimate users by causing their accounts to be locked out.
0 0 1 0 1
CWE-836 Use of Password Hash Instead of Password for Authentication
The software records password hashes in a data store, receives a hash of a password from a client, and compares the supplied hash to the hash obtained from the data store.
0 0 1 0 1