This category identifies Software Fault Patterns (SFPs) within the Tainted Input to Variable cluster (SFP25).
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| MemberOf | Prohibited | V | 888 | Software Fault Pattern (SFP) Clusters |
| HasMember | Allowed | B | 15 | External Control of System or Configuration Setting |
| HasMember | Discouraged | C | 20 | Improper Input Validation |
| HasMember | Allowed | B | 454 | External Initialization of Trusted Variables or Data Stores |
| HasMember | Allowed | V | 496 | Public Data Assigned to Private Array-Typed Field |
| HasMember | Allowed | B | 502 | Deserialization of Untrusted Data |
| HasMember | Allowed | V | 566 | Authorization Bypass Through User-Controlled SQL Primary Key |
| HasMember | Allowed | B | 606 | Unchecked Input for Loop Condition |
| HasMember | Allowed | V | 616 | Incomplete Identification of Uploaded File Variables (PHP) |
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
See member weaknesses of this category.
| Taxonomy Name | Entry ID | Fit | Entry Name |
|---|