CAPEC Related Weakness
Manipulate Registry Information
CWE-15 External Control of System or Configuration Setting
Schema Poisoning
CWE-15 External Control of System or Configuration Setting
Target Programs with Elevated Privileges
CWE-15 External Control of System or Configuration Setting
CWE-250 Execution with Unnecessary Privileges
Manipulating User-Controlled Variables
CWE-15 External Control of System or Configuration Setting
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-285 Improper Authorization
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-473 PHP External Variable Modification
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Subverting Environment Variable Values
CWE-15 External Control of System or Configuration Setting
CWE-20 Improper Input Validation
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-285 Improper Authorization
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-353 Missing Support for Integrity Check
XML Schema Poisoning
CWE-15 External Control of System or Configuration Setting
CWE-472 External Control of Assumed-Immutable Web Parameter
Configuration/Environment Manipulation
CWE-15 External Control of System or Configuration Setting
CWE-1233 Improper Hardware Lock Protection for Security Sensitive Controls
CWE-1234 Hardware Internal or Debug Modes Allow Override of Locks
CWE-1304 Improperly Preserved Integrity of Hardware Configuration State During a Power Save/Restore Operation
CWE-1328 Security Version Number Mutable to Older Versions
Modification of Registry Run Keys
CWE-15 External Control of System or Configuration Setting
Manipulating Web Input to File System Calls
CWE-15 External Control of System or Configuration Setting
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23 Relative Path Traversal
CWE-59 Improper Link Resolution Before File Access ('Link Following')
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-272 Least Privilege Violation
CWE-285 Improper Authorization
CWE-346 Origin Validation Error
CWE-348 Use of Less Trusted Source