CWE-98 – Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’)
Description The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require,"...
CWE-99 – Improper Control of Resource Identifiers (‘Resource Injection’)
Description The software receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an...
CWE-910 – Use of Expired File Descriptor
Description The software uses or accesses a file descriptor after it has been closed. After a file descriptor for a particular file or device has...
CWE-911 – Improper Update of Reference Count
Description The software uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count. Reference counts can...
CWE-912 – Hidden Functionality
Description The software contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is...
CWE-913 – Improper Control of Dynamically-Managed Code Resources
Description The software does not properly restrict reading from or writing to dynamically-managed code resources such as variables, objects, classes, attributes, functions, or executable instructions...
CWE-914 – Improper Control of Dynamically-Identified Variables
Description The software does not properly restrict reading from or writing to dynamically-identified variables. Many languages offer powerful features that allow the programmer to access...
CWE-915 – Improperly Controlled Modification of Dynamically-Determined Object Attributes
Description The software receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an...
CWE-916 – Use of Password Hash With Insufficient Computational Effort
Description The software generates a hash for a password, but it uses a scheme that does not provide a sufficient level of computational effort that...
CWE-917 – Improper Neutralization of Special Elements used in an Expression Language Statement (‘Expression Language Injection’)
Description The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream...