CWE-74
Overview
- CWE ID
- 74
- CWE Name
- Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
- CWE Abstraction
- Class
- CWE structure
- Simple
- CWE Status
- Incomplete
Description
The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpre
Extended Description
Software has certain assumptions about what constitutes data and control respectively. It is the lack of verification of these assumptions for user-controlled input that leads to injection problems. Injection problems encompass a wide variety of issues --
Related CWEs
CWE ID | View ID | Nature | Ordinal |
---|---|---|---|
707 | 1000 | ChildOf | Primary |