BaseDraft

CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

Category: injection

Description

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template.

Common consequences· 5

  • Confidentiality — Read Files or Directories, Read Application Data
    The injected code could access restricted data / files.
  • Access Control — Bypass Protection Mechanism
    In some cases, injectable code controls authentication; this may lead to a remote vulnerability.
  • Access Control — Gain Privileges or Assume Identity
    Injected code can access resources that the attacker is directly prevented from accessing.
  • Integrity / Confidentiality / Availability / Other — Execute Unauthorized Code or Commands
    Code injection attacks can lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing. Additionally, code injection can often result in the execution of arbitrary code.
  • Non-Repudiation — Hide Activities
    Often the actions performed by injected control code are unlogged.

Potential mitigations· 2

  • [Implementation]
  • [Implementation]Perform proper output validation and escaping to neutralize all code syntax from data written to code files.

Related CAPEC attack patterns· 5

CAPEC-35CAPEC-73CAPEC-77CAPEC-81CAPEC-85

References

  1. https://cwe.mitre.org/data/definitions/96.html

Exploits (incoming)5

TypeTargetConfidenceTier
AttackPatternManipulating User-Controlled Variablescapec-77100%live
AttackPatternAJAX Footprintingcapec-85100%live
AttackPatternUser-Controlled Filenamecapec-73100%live
AttackPatternWeb Server Logs Tamperingcapec-81100%live
AttackPatternLeverage Executable Code in Non-Executable Filescapec-35100%live

(incoming)2

TypeTargetConfidenceTier
VulnerabilityCVE-2025-57707cve-2025-577070%live
KEVEntryAviatrix Controller Unrestricted Upload of Filekev-cve-2021-408700%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE
Improper Control of Generation of Code ('Code Injection')
CWE
Improper Neutralization of Special Elements Used in a Template Engine
CWE
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.