CWE-624: Executable Regular Expression Error
CWE version: 4.18
Updated: 2025-09-09
Weakness Description
The product uses a regular expression that either (1) contains an executable component with user-controlled inputs, or (2) allows a user to enable execution by inserting pattern modifiers.
Extended Description
Case (2) is possible in the PHP preg_replace() function, and possibly in other languages when a user-controlled input is inserted into a string that is later parsed as a regular expression.
Common Consequences
Scope: Confidentiality, Integrity, Availability
Technical Impact: Execute Unauthorized Code or Commands
Potential Mitigations
Phase: Implementation
Description: The regular expression feature in some languages allows inputs to be quoted or escaped before insertion, such as \Q and \E in Perl.
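The following Python example, added here and not part of the CWE entry or of PHP itself, illustrates both the mechanism from the extended description and the quoting mitigation above. It models a PHP-style delimited pattern (`/body/modifiers`) with a deliberately simplified parser (an assumption: it does not reproduce PHP's rejection of unrecognised modifier characters), inserts a constructed input into the pattern with and without quoting, and shows that the quoted form leaves the user no control over the modifier section. `re.escape()` plus delimiter escaping stands in for Perl's `\Q...\E` or PHP's `preg_quote()`.

```python
import re

# Added illustration for CWE-624 (not code from CWE or from PHP itself).
# The parser below is a simplified model of how a delimited pattern
# "<delim>body<delim>modifiers" is split; it is an assumption, not PHP's
# exact implementation, which also rejects unknown modifier characters.

DANGEROUS_MODIFIERS = {"e"}   # PHP's /e evaluated the replacement as code


def split_delimited_pattern(pattern: str):
    """Split '<delim>body<delim>modifiers' into (body, modifiers).

    The first character is the delimiter; the body runs until the first
    occurrence of that delimiter not preceded by a backslash; everything
    after that closing delimiter is treated as pattern modifiers.
    """
    if len(pattern) < 2:
        raise ValueError("pattern needs a delimiter and a body")
    delim = pattern[0]
    body = []
    i = 1
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            body.append(pattern[i:i + 2])   # keep escape pairs intact
            i += 2
            continue
        if ch == delim:
            return "".join(body), pattern[i + 1:]
        body.append(ch)
        i += 1
    raise ValueError("no ending delimiter found")


def quote_for_pattern(user_input: str, delim: str = "/") -> str:
    """Escape user input for literal use inside a delimited pattern.

    Analogous to Perl's \\Q...\\E or PHP's preg_quote($s, '/'): regex
    metacharacters are escaped by re.escape(); the delimiter is escaped
    separately because re.escape() (Python 3.7+) leaves '/' untouched.
    """
    return re.escape(user_input).replace(delim, "\\" + delim)


def build_pattern_unsafe(user_input: str) -> str:
    """Raw concatenation: the code shape that exhibits CWE-624."""
    return "/" + user_input + "/"


def build_pattern_safe(user_input: str) -> str:
    """Same pattern, but the input is quoted before insertion."""
    return "/" + quote_for_pattern(user_input) + "/"


def user_controlled_modifiers(builder, user_input: str) -> set:
    """Dangerous modifiers that the user's input ends up enabling."""
    _, modifiers = split_delimited_pattern(builder(user_input))
    return set(modifiers) & DANGEROUS_MODIFIERS


def literal_match(user_input: str, text: str) -> bool:
    """Compile the quoted body as a real regex: it matches only literally."""
    body, _ = split_delimited_pattern(build_pattern_safe(user_input))
    return re.fullmatch(body, text) is not None


if __name__ == "__main__":
    # Constructed input: closes the pattern body early and appends "e".
    sample = "x/e"
    print(split_delimited_pattern(build_pattern_unsafe(sample)))    # ('x', 'e/')
    print(user_controlled_modifiers(build_pattern_unsafe, sample))  # {'e'}
    print(split_delimited_pattern(build_pattern_safe(sample)))      # ('x\\/e', '')
    print(user_controlled_modifiers(build_pattern_safe, sample))    # set()
    print(literal_match(sample, "x/e"), literal_match(sample, "x"))  # True False
```

The unsafe builder lets the delimiter inside the input terminate the body, so the remainder of the input lands in the modifier section; the quoted builder escapes both metacharacters and the delimiter, so the whole input stays inside the body and is matched literally. In PHP the equivalent fix is `preg_quote($input, '/')` for data that must be matched literally, and for the replacement side a callback (`preg_replace_callback()`) instead of the removed `/e` modifier.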
Observed Examples
Reference: CVE-2006-2059
Executable regexp in PHP by inserting "e" modifier into first argument to preg_replace
Reference: CVE-2005-3420
Executable regexp in PHP by inserting "e" modifier into first argument to preg_replace
Reference: CVE-2006-2878
Complex curly syntax inserted into the replacement argument to PHP preg_replace(), which uses the "/e" modifier
Reference: CVE-2006-2908
Function allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Applicable Platforms
Languages
Taxonomy Mappings
| Taxonomy Name | Node ID | Node Name | Mapping Fit |
|---|---|---|---|
| Software Fault Patterns | SFP24 | Tainted input to command | - |