CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

Class Draft Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

The product does not adequately filter user-controlled input for special elements with control implications.

常见后果

影响范围: Integrity Confidentiality Availability

技术影响: Modify Application Data Execute Unauthorized Code or Commands

潜在缓解措施

阶段: Requirements

描述: Programming languages and supporting technologies might be chosen which are not subject to these issues.

阶段: Implementation

描述: Utilize an appropriate mix of allowlist and denylist parsing to filter special element syntax from all input.

引入模式

阶段 说明
Implementation REALIZATION: This weakness is caused during implementation of an architectural security tactic.

适用平台

编程语言
Not Language-Specific (Undetermined)

分类映射

分类名称 条目ID 条目名称 映射适配度
PLOVER - Special Element Injection -
关键信息

CWE ID: CWE-75

抽象级别: Class

结构: Simple

状态: Draft

相关弱点
ChildOf CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Class
相关攻击模式
CAPEC-81 CAPEC-93
返回列表