Category: OWASP Top Ten 2007 Category A3 - Malicious File Execution
Obsolete
Summary
Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2007.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-434 | Unrestricted Upload of File with Dangerous Type | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
| CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval"). |
| CWE-98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
| CWE-629 | Weaknesses in OWASP Top Ten (2007) | CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2007. This view is considered obsolete as a newer version of the OWASP Top Ten is available. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.