CWE-472 – External Control of Assumed-Immutable Web Parameter
Description The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields....
CWE-473 – PHP External Variable Modification
Description A PHP application does not properly protect against the modification of variables from external sources, such as query parameters or cookies. This can expose...
CWE-474 – Use of Function with Inconsistent Implementations
Description The code uses a function that has inconsistent implementations across operating systems and versions. Modes of Introduction: - Architecture and Design Related...
CWE-475 – Undefined Behavior for Input to API
Description The behavior of this function is undefined unless its control parameter is set to a specific value. Modes of Introduction: - Architecture and Design...
CWE-476 – NULL Pointer Dereference
Description A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash...
CWE-477 – Use of Obsolete Function
Description The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained. Modes of Introduction: - Implementation...
CWE-478 – Missing Default Case in Switch Statement
Description The code does not have a default case in a switch statement, which might lead to complex logical errors and resultant weaknesses. This flaw...
CWE-479 – Signal Handler Use of a Non-reentrant Function
Description The program defines a signal handler that calls a non-reentrant function. Modes of Introduction: - Architecture and Design Likelihood of Exploit: Low ...
CWE-48 – Path Equivalence: ‘file name’ (Internal Whitespace)
Description A software system that accepts path input in the form of internal space ('file(SPACE)name') without appropriate validation can lead to ambiguous path resolution and...
CWE-480 – Use of Incorrect Operator
Description The programmer accidentally uses the wrong operator, which changes the application logic in security-relevant ways. These types of errors are generally the result of...