Class · Incomplete

CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Category: injection

Description

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Common consequences · 5

  • Confidentiality — Read Application Data
    Many injection attacks involve the disclosure of important information -- in terms of both data sensitivity and usefulness in further exploitation.
  • Access Control — Bypass Protection Mechanism
    In some cases, injectable code controls authentication; this may lead to a remote vulnerability.
  • Other — Alter Execution Logic
    Injection attacks are characterized by the ability to significantly change the flow of a given process, and in some cases, to the execution of arbitrary code.
  • Integrity / Other — Other
    Data injection attacks lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing.
  • Non-Repudiation — Hide Activities
    Often the actions performed by injected control code are unlogged.

Potential mitigations · 2

  • [Requirements] Programming languages and supporting technologies might be chosen which are not subject to these issues.
  • [Implementation] Utilize an appropriate mix of allowlist and denylist parsing to filter control-plane syntax from all input.

Related CAPEC attack patterns · 37

CAPEC-10, CAPEC-101, CAPEC-105, CAPEC-108, CAPEC-120, CAPEC-13, CAPEC-135, CAPEC-14, CAPEC-24, CAPEC-250, CAPEC-267, CAPEC-273, CAPEC-28, CAPEC-3, CAPEC-34, CAPEC-42, CAPEC-43, CAPEC-45, CAPEC-46, CAPEC-47, CAPEC-51, CAPEC-52, CAPEC-53, CAPEC-6, CAPEC-64, CAPEC-67, CAPEC-7, CAPEC-71, CAPEC-72, CAPEC-76, CAPEC-78, CAPEC-79, CAPEC-8, CAPEC-80, CAPEC-83, CAPEC-84, CAPEC-9

References

  1. https://cwe.mitre.org/data/definitions/74.html

Exploits (incoming) · 31

Type | Target | Confidence | Tier
AttackPattern | Manipulating Web Input to File System Calls (capec-76) | 100% | live
AttackPattern | String Format Overflow in syslog() (capec-67) | 100% | live
AttackPattern | HTTP Response Smuggling (capec-273) | 100% | live
AttackPattern | Argument Injection (capec-6) | 100% | live
AttackPattern | Embedding NULL Bytes (capec-52) | 100% | live
AttackPattern | HTTP Request Splitting (capec-105) | 100% | live
AttackPattern | Blind SQL Injection (capec-7) | 100% | live
AttackPattern | Buffer Overflow in Local Command-Line Utilities (capec-9) | 100% | live
AttackPattern | Using Slashes in Alternate Encoding (capec-79) | 100% | live
AttackPattern | XML Injection (capec-250) | 100% | live
AttackPattern | Filter Failure through Buffer Overflow (capec-24) | 100% | live
AttackPattern | Using Unicode Encoding to Bypass Validation Logic (capec-71) | 100% | live
AttackPattern | Client-side Injection-induced Buffer Overflow (capec-14) | 100% | live
AttackPattern | Using UTF-8 Encoding to Bypass Validation Logic (capec-80) | 100% | live
AttackPattern | Buffer Overflow via Environment Variables (capec-10) | 100% | live
AttackPattern | Poison Web Service Registry (capec-51) | 100% | live
AttackPattern | Exploiting Multiple Input Interpretation Layers (capec-43) | 100% | live
AttackPattern | Buffer Overflow via Symbolic Links (capec-45) | 100% | live
AttackPattern | Subverting Environment Variable Values (capec-13) | 100% | live
AttackPattern | Buffer Overflow in an API Call (capec-8) | 100% | live
AttackPattern | Using Slashes and URL Encoding Combined to Bypass Validation Logic (capec-64) | 100% | live
AttackPattern | Leverage Alternate Encoding (capec-267) | 100% | live
AttackPattern | XPath Injection (capec-83) | 100% | live
AttackPattern | Double Encoding (capec-120) | 100% | live
AttackPattern | HTTP Response Splitting (capec-34) | 100% | live
AttackPattern | Fuzzing (capec-28) | 100% | live
AttackPattern | MIME Conversion (capec-42) | 100% | live
AttackPattern | Format String Injection (capec-135) | 100% | live
AttackPattern | Using Leading 'Ghost' Character Sequences to Bypass Input Filters (capec-3) | 100% | live
AttackPattern | Command Line Execution through SQL Injection (capec-108) | 100% | live

Showing top 30 of 31 by confidence.

(incoming) · 119

Type | Target | Confidence | Tier
Vulnerability | CVE-2025-0203 (cve-2025-0203) | 0% | live
Vulnerability | CVE-2025-0204 (cve-2025-0204) | 0% | live
Vulnerability | CVE-2025-0205 (cve-2025-0205) | 0% | live
Vulnerability | CVE-2025-0207 (cve-2025-0207) | 0% | live
Vulnerability | CVE-2025-0208 (cve-2025-0208) | 0% | live
Vulnerability | CVE-2025-0210 (cve-2025-0210) | 0% | live
Vulnerability | CVE-2025-0212 (cve-2025-0212) | 0% | live
Vulnerability | CVE-2025-0229 (cve-2025-0229) | 0% | live
Vulnerability | CVE-2025-0230 (cve-2025-0230) | 0% | live
Vulnerability | CVE-2025-0231 (cve-2025-0231) | 0% | live
Vulnerability | CVE-2025-0232 (cve-2025-0232) | 0% | live
Vulnerability | CVE-2025-0233 (cve-2025-0233) | 0% | live
Vulnerability | CVE-2025-0294 (cve-2025-0294) | 0% | live
Vulnerability | CVE-2025-0296 (cve-2025-0296) | 0% | live
Vulnerability | CVE-2025-0298 (cve-2025-0298) | 0% | live
Vulnerability | CVE-2025-0299 (cve-2025-0299) | 0% | live
Vulnerability | CVE-2025-0300 (cve-2025-0300) | 0% | live
Vulnerability | CVE-2025-0333 (cve-2025-0333) | 0% | live
Vulnerability | CVE-2025-0334 (cve-2025-0334) | 0% | live
Vulnerability | CVE-2025-0336 (cve-2025-0336) | 0% | live
Vulnerability | CVE-2025-0340 (cve-2025-0340) | 0% | live
Vulnerability | CVE-2025-0344 (cve-2025-0344) | 0% | live
Vulnerability | CVE-2025-0345 (cve-2025-0345) | 0% | live
Vulnerability | CVE-2025-0347 (cve-2025-0347) | 0% | live
Vulnerability | CVE-2025-0391 (cve-2025-0391) | 0% | live
Vulnerability | CVE-2025-0392 (cve-2025-0392) | 0% | live
Vulnerability | CVE-2025-0405 (cve-2025-0405) | 0% | live
Vulnerability | CVE-2025-0406 (cve-2025-0406) | 0% | live
Vulnerability | CVE-2025-0407 (cve-2025-0407) | 0% | live
Vulnerability | CVE-2025-0408 (cve-2025-0408) | 0% | live

Showing top 30 of 119 by confidence.

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • CWE: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • CWE: Improper Control of Generation of Code ('Code Injection')
  • CWE: Improper Neutralization of Internal Special Elements
  • CWE: Improper Neutralization of Multiple Internal Special Elements
  • CWE: Improper Neutralization of Wildcards or Matching Symbols

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.