CWE-914: Improper Control of Dynamically-Identified Variables
CWE version: 4.18
Last updated: 2025-09-09
Weakness Description
The product does not properly restrict reading from or writing to dynamically-identified variables.
Extended Description
Many languages offer powerful features that allow the programmer to access arbitrary variables that are specified by an input string. While these features can offer significant flexibility and reduce development time, they can be extremely dangerous if attackers can modify unintended variables that have security implications.
Common Consequences
Scope: Integrity
Technical Impact: Modify Application Data
Note: An attacker could modify sensitive data or program variables.
Scope: Integrity
Technical Impact: Execute Unauthorized Code or Commands
Scope: Other, Integrity
Technical Impact: Varies by Context, Alter Execution Logic
Potential Mitigations
Phase: Implementation
Strategy: Input Validation
Description: For any externally-influenced input, check the input against an allowlist of internal program variables that are allowed to be modified.
Phase: Implementation, Architecture and Design
Strategy: Refactoring
Description: Refactor the code so that internal program variables do not need to be dynamically identified.
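The two mitigations above, shown side by side with the weakness in PHP's extract() (the function behind most of the observed examples below). This is an added illustration, not code from the CWE entry; the request array, the variable names and the function names are constructed for the example.

```php
<?php
// Added example (not from the CWE entry). $request stands in for $_GET
// or $_POST; the variable names and functions are constructed.

// CWE-914: every request key becomes a local variable name, so a request
// that carries "is_admin=1" silently overwrites security-relevant state.
function unsafe_assign(array $request): bool
{
    $is_admin = false;          // internal, security-relevant variable
    $display_name = 'guest';
    extract($request);          // dynamically-identified variable write
    return (bool) $is_admin;
}

// Mitigation 1 (Input Validation): only variables on an explicit
// allowlist may be modified by external input; all other keys are dropped.
function allowlisted_assign(array $request): bool
{
    $is_admin = false;
    $display_name = 'guest';
    $allowed  = ['display_name' => true, 'page' => true];
    $filtered = array_intersect_key($request, $allowed);
    extract($filtered);         // $is_admin can no longer be reached
    return (bool) $is_admin;
}

// Mitigation 2 (Refactoring): no dynamic identification at all; each
// accepted field is copied by name, so no request key can name a variable.
function refactored_assign(array $request): bool
{
    $is_admin = false;
    $display_name = (string) ($request['display_name'] ?? 'guest');
    return (bool) $is_admin;
}

// Constructed request from a client attempting to promote itself.
$request = ['display_name' => 'mallory', 'is_admin' => '1'];
var_dump(unsafe_assign($request));      // bool(true)  -> state overwritten
var_dump(allowlisted_assign($request)); // bool(false) -> blocked
var_dump(refactored_assign($request));  // bool(false) -> not reachable
```

Note that extract() also accepts an EXTR_SKIP flag that refuses to overwrite existing variables; it helps here but is weaker than the allowlist because it still lets input create arbitrary new variables that later code may read.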
Observed Examples
Reference: CVE-2006-7135
extract issue enables file inclusion
Reference: CVE-2006-7079
Chain: extract used for register_globals compatibility layer, enables path traversal (CWE-22)
Reference: CVE-2007-0649
extract() buried in include files makes post-disclosure analysis confusing; original report had seemed incorrect.
Reference: CVE-2006-6661
extract() enables static code injection
Reference: CVE-2006-2828
import_request_variables() buried in include files makes post-disclosure analysis confusing
Reference: CVE-2009-0422
Chain: Dynamic variable evaluation allows resultant remote file inclusion and path traversal.
Reference: CVE-2007-2431
Chain: dynamic variable evaluation in PHP program used to modify critical, unexpected $_SERVER variable for resultant XSS.
Reference: CVE-2006-4904
Chain: dynamic variable evaluation in PHP program used to conduct remote file inclusion.
Reference: CVE-2006-4019
Dynamic variable evaluation in mail program allows reading and modifying attachments and preferences of other users.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |