Category: OWASP Top Ten 2007 Category A3 - Malicious File Execution

Obsolete

Summary

Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2007.

Membership

ID	Name	Description
CWE-434	Unrestricted Upload of File with Dangerous Type	This vulnerability occurs when an application accepts file uploads without properly restricting the file types, allowing attackers to upload and execute malicious files on the server.
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')	OS Command Injection occurs when an application builds a system command using untrusted, external input without properly sanitizing it. This allows an attacker to inject and execute arbitrary commands on the underlying operating system.
CWE-95	Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')	This vulnerability occurs when an application takes user input and passes it directly into a dynamic code execution function, like eval(), without properly sanitizing it. This allows an attacker to inject and execute arbitrary code within the application's context.
CWE-98	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	This vulnerability occurs when a PHP application uses unvalidated or insufficiently restricted user input directly within file inclusion functions like require() or include().
CWE-629	Weaknesses in OWASP Top Ten (2007)	CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2007. This view is considered obsolete as a newer version of the OWASP Top Ten is available.

Vulnerability Mapping Notes

Usage: Prohibited

Reasons: Category

Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.

Comment:

See member weaknesses of this category.