CWE-110: Struts: Validator Without Form Field
CWE version: 4.18
Last updated: 2025-09-09
Weakness description
Validation fields that do not appear in forms they are associated with indicate that the validation logic is out of date.
Common consequences
Scope: Other
Technical impact: Other
Note: It is critically important that validation logic be maintained and kept in sync with the rest of the application. Unchecked input is the root cause of some of today's worst and most common software security problems. Cross-site scripting, SQL injection, and process control vulnerabilities all stem from incomplete or absent input validation.
Detection methods
Method: Automated Static Analysis
To find the issue in the implementation, manual checks or automated static analysis could be applied to the XML configuration files.
Effectiveness: Moderate
Method: Manual Static Analysis
To find the issue in the implementation, manual checks or automated static analysis could be applied to the XML configuration files.
Effectiveness: Moderate
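A minimal form of the XML configuration check described above, as an added example that is not part of the CWE entry: it reports every field rule in validation.xml whose property is not declared on the matching form bean in struts-config.xml. It assumes forms are declared as DynaValidatorForm beans with form-property elements; the sample XML and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs, not taken from any real project.
STRUTS_CONFIG = """
<struts-config><form-beans>
  <form-bean name="loginForm" type="org.apache.struts.validator.DynaValidatorForm">
    <form-property name="username" type="java.lang.String"/>
    <form-property name="password" type="java.lang.String"/>
  </form-bean>
</form-beans></struts-config>
"""
VALIDATION = """
<form-validation><formset>
  <form name="loginForm">
    <field property="username" depends="required"/>
    <field property="password" depends="required"/>
    <field property="rememberMe" depends="required"/>
  </form>
  <form name="legacyForm">
    <field property="email" depends="required"/>
  </form>
</formset></form-validation>
"""

def declared_properties(struts_config_xml):
    """Map each form-bean name to the set of form-property names it declares."""
    root = ET.fromstring(struts_config_xml)
    return {bean.get("name"): {p.get("name") for p in bean.findall("form-property")}
            for bean in root.iter("form-bean")}

def stale_validator_fields(struts_config_xml, validation_xml):
    """Return sorted (form, property) pairs that have a rule but no form field."""
    forms = declared_properties(struts_config_xml)
    findings = []
    for form in ET.fromstring(validation_xml).iter("form"):
        name = form.get("name")
        known = forms.get(name, set())  # undeclared form: every rule is orphaned
        for field in form.findall("field"):
            prop = field.get("property", "")
            # Nested or indexed rules ("address.street", "items[0]") are
            # compared by their base property name.
            base = prop.split(".")[0].split("[")[0]
            if base not in known:
                findings.append((name, prop))
    return sorted(findings)

if __name__ == "__main__":
    for form, prop in stale_validator_fields(STRUTS_CONFIG, VALIDATION):
        print(f"validation.xml: {form}.{prop} has no matching form-property")
```

Forms backed by hand-written ActionForm classes are outside this check, since their fields live in Java source rather than in struts-config.xml.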
Modes of introduction
| Phase | Note |
|---|---|
| Implementation | - |
| Operation | - |
Applicable platforms
Programming languages
Taxonomy mappings
| Taxonomy name | Entry ID | Entry name | Mapping fit |
|---|---|---|---|
| 7 Pernicious Kingdoms | - | Struts: Validator Without Form Field | - |
| Software Fault Patterns | SFP24 | Tainted input to command | - |