CWE-146 – Improper Neutralization of Expression/Command Delimiters
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as expression...
CWE-147 – Improper Neutralization of Input Terminators
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as input...
CWE-148 – Improper Neutralization of Input Leaders
Description The application does not properly handle when a leading character or sequence ("leader") is missing or malformed, or if multiple leaders are used when...
CWE-149 – Improper Neutralization of Quoting Syntax
Description Quotes injected into an application can be used to compromise a system. As data are parsed, an injected/absent/duplicate/malformed use of quotes may cause the...
CWE-15 – External Control of System or Configuration Setting
Description One or more system settings or configuration elements can be externally controlled by a user. Allowing external control of system settings can disrupt service...
CWE-150 – Improper Neutralization of Escape, Meta, or Control Sequences
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape,...
CWE-151 – Improper Neutralization of Comment Delimiters
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as comment...
CWE-152 – Improper Neutralization of Macro Symbols
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as macro...
CWE-153 – Improper Neutralization of Substitution Characters
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as substitution...
CWE-154 – Improper Neutralization of Variable Name Delimiters
Description The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as variable...