Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CAPEC-23:File Content Injection
Attack Pattern ID:23
Version:v3.9
Attack Pattern Name:File Content Injection
Abstraction:Standard
Status:Draft
Likelihood of Attack:High
Typical Severity:Very High
DetailsContent HistoryRelated WeaknessesReports
1Weaknesses found
CWE-20
Improper Input Validation
ShareView Details
Improper Input Validation
Likelihood of Exploit-High
Mapping-Discouraged
Abstraction-Class
Found in12469CVEs

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Impacts-
DoS: Crash, Exit, or RestartDoS: Resource Consumption (CPU)DoS: Resource Consumption (Memory)Execute Unauthorized Code or CommandsRead Files or DirectoriesRead MemoryModify Memory
Tags-
High exploitLibraries or FrameworksInput ValidationAttack Surface ReductionExecute Unauthorized Code or Commands (impact)DoS: Resource Consumption (CPU) (impact)Read Files or Directories (impact)Read Memory (impact)DoS: Crash, Exit, or Restart (impact)DoS: Resource Consumption (Memory) (impact)Modify Memory (impact)
As Seen In-
2019 CWE Top 25 Most Dangerous Software Errors2021 CWE Top 25 Most Dangerous Software2020 CWE Top 25 Most Dangerous Software2022 CWE Top 25 Most Dangerous Software2023 CWE Top 25 Most Dangerous Software2024 CWE Top 25 Most Dangerous SoftwareOriginally Used by NVD from 2008 to 2016Simplified Mapping of Published Vulnerabilities