View: Weaknesses in Software Written in PHP
Draft
Type: Implicit
Objective
This view (slice) covers issues that are found in PHP programs that are not common to all languages.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1024 | Comparison of Incompatible Types | This vulnerability occurs when code directly compares two values of fundamentally different data types, which can lead to unreliable or incorrect results because the comparison logic doesn't handle the type mismatch properly. |
| CWE-1336 | Improper Neutralization of Special Elements Used in a Template Engine | This vulnerability occurs when an application uses a template engine to process user-controlled input but fails to properly sanitize special syntax characters. Attackers can inject template expressions or directives that the engine executes, leading to unintended code execution. |
| CWE-209 | Generation of Error Message Containing Sensitive Information | This vulnerability occurs when an application reveals sensitive details about its internal systems, user data, or environment within error messages shown to users. |
| CWE-211 | Externally-Generated Error Message Containing Sensitive Information | This vulnerability occurs when an application triggers an error message from an external component—like a database, interpreter, or operating system—and that error reveals sensitive details about the system's internal workings, configuration, or data. |
| CWE-434 | Unrestricted Upload of File with Dangerous Type | This vulnerability occurs when an application accepts file uploads without properly restricting the file types, allowing attackers to upload and execute malicious files on the server. |
| CWE-453 | Insecure Default Variable Initialization | This vulnerability occurs when software sets an internal variable to an insecure or unnecessarily weak default value during initialization, rather than using the most secure option available. |
| CWE-454 | External Initialization of Trusted Variables or Data Stores | This vulnerability occurs when an application sets up its critical internal variables or storage systems using data from untrusted, external sources that an attacker could control. |
| CWE-457 | Use of Uninitialized Variable | This vulnerability occurs when a program accesses a variable before it has been assigned a value, leading to unpredictable behavior and potential security risks. |
| CWE-470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | This vulnerability occurs when an application uses unvalidated external input, like a URL parameter or form field, to dynamically decide which class to load or which method to execute via reflection. An attacker can manipulate this input to force the application to load unexpected, potentially malicious code. |
| CWE-473 | PHP External Variable Modification | This vulnerability occurs when a PHP application fails to properly validate or sanitize variables that originate from outside the application, such as HTTP query strings, cookies, or POST data. Attackers can exploit this to inject unexpected values, altering the program's logic and security controls. |
| CWE-474 | Use of Function with Inconsistent Implementations | This vulnerability occurs when code relies on a function whose behavior changes across different operating systems or versions, leading to unpredictable security risks when the software runs in an unexpected environment. |
| CWE-484 | Omitted Break Statement in Switch | This vulnerability occurs when a developer forgets to include a 'break' statement inside a switch-case block. Without it, the code execution 'falls through' and unintentionally runs the logic for subsequent cases, leading to unexpected behavior. |
| CWE-502 | Deserialization of Untrusted Data | This vulnerability occurs when an application accepts and processes serialized data from an untrusted source without proper validation, allowing an attacker to manipulate the data to execute malicious code or cause unexpected behavior. |
| CWE-595 | Comparison of Object References Instead of Object Contents | This vulnerability occurs when code incorrectly checks if two object references point to the same memory location, rather than comparing the actual data or values contained within the objects. This mistake prevents the software from correctly identifying when two separate objects hold equivalent content. |
| CWE-616 | Incomplete Identification of Uploaded File Variables (PHP) | This vulnerability occurs in PHP applications that rely on the deprecated, auto-registered global variables for file uploads (like $varname, $varname_size). Because these variables are not properly validated, an attacker can overwrite them to trick the application into processing malicious or unauthorized files. |
| CWE-621 | Variable Extraction Error | This vulnerability occurs when an application uses unvalidated external input to dynamically select which variables to populate with data. Without proper checks, this can allow an attacker to overwrite critical internal variables, leading to unexpected behavior or security breaches. |
| CWE-624 | Executable Regular Expression Error | This vulnerability occurs when an application uses a regular expression that can execute code, either because it directly contains executable logic with unsafe user input, or because an attacker can inject pattern modifiers that enable code execution. |
| CWE-625 | Permissive Regular Expression | This weakness occurs when a regular expression is too permissive, failing to properly validate or sanitize input by allowing unintended values or patterns. |
| CWE-626 | Null Byte Interaction Error (Poison Null Byte) | This vulnerability occurs when software incorrectly processes null bytes (NUL characters) as data moves between different systems or programming languages, leading to unexpected and potentially dangerous behavior. |
| CWE-627 | Dynamic Variable Evaluation | This vulnerability occurs when an application allows user input to directly determine which variable or function name is used at runtime. Without strict validation, an attacker can manipulate these names to access or modify sensitive data, execute unauthorized functions, or disrupt the application's logic. |
| CWE-88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') | This vulnerability occurs when an application builds a command string for execution by another component, but fails to properly separate or 'neutralize' the intended arguments. This allows an attacker to inject additional command-line arguments, options, or switches by including argument-separating characters (like spaces or dashes) in untrusted input. |
| CWE-915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes | This vulnerability occurs when an application accepts user input that specifies which object attributes or fields to create or update, but fails to restrict which specific attributes can be changed. Attackers can exploit this to modify sensitive internal properties they shouldn't have access to. |
| CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | This vulnerability occurs when an application takes user input and passes it directly into a dynamic code execution function, like eval(), without properly sanitizing it. This allows an attacker to inject and execute arbitrary code within the application's context. |
| CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | Static Code Injection occurs when an application incorporates unvalidated or improperly sanitized user input directly into a static, executable resource like a configuration file, template, or library. Because this input is saved and later executed, it allows an attacker to inject malicious code that becomes a permanent part of the application's logic. |
| CWE-98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | This vulnerability occurs when a PHP application uses unvalidated or insufficiently restricted user input directly within file inclusion functions like require() or include(). |
Mapping Notes
Usage: Prohibited
Reasons: View
Rationale:
This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.
Comment:
Use this View or other Views to search and navigate for the appropriate weakness.