CWE-541: Inclusion of Sensitive Information in an Include File

Variant Incomplete Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

If an include file source is accessible, the file can contain usernames and passwords, as well as sensitive information pertaining to the application and system.

常见后果

影响范围: Confidentiality

技术影响: Read Application Data

潜在缓解措施

阶段: Architecture and Design

描述: Do not store sensitive information in include files.

阶段: Architecture and Design System Configuration

描述: Protect include files from being exposed.

引入模式

阶段 说明
Implementation -
关键信息

CWE ID: CWE-541

抽象级别: Variant

结构: Simple

状态: Incomplete

相关弱点
ChildOf CWE-540

Inclusion of Sensitive Information in Source Code

Base
返回列表