CWE-1023
Incomplete Comparison with Missing Factors
Class
What it is
The product performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors.
Impact
| Scope | Impact |
| --- | --- |
| Integrity, Access Control | Alter Execution Logic, Bypass Protection Mechanism |
Real-world CVE examples
- CVE-2005-2782 — PHP remote file inclusion in web application that filters "http" and "https" URLs, but not "ftp".
- CVE-2014-6394 — Product does not prevent access to restricted directories due to partial string comparison with a public directory.
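The partial string comparison described for CVE-2014-6394, shown as an added example that is not MITRE's code or the affected product's: a prefix-only check beside one that also compares on path-component boundaries. The root directory, function names and sample paths are constructed for illustration.

```python
import posixpath

PUBLIC_ROOT = "/srv/app/public"  # hypothetical public directory (assumption)


def allowed_prefix_only(requested, root=PUBLIC_ROOT):
    """Incomplete comparison: only the leading characters are compared.
    The missing factor is the path-component boundary after the root."""
    return posixpath.normpath(requested).startswith(root)


def allowed_component_aware(requested, root=PUBLIC_ROOT):
    """Complete comparison: the normalized path must be the root itself
    or lie beneath it, judged on whole path components.
    Lexical check only; symlinks are not resolved here."""
    root = posixpath.normpath(root)
    target = posixpath.normpath(requested)
    try:
        return posixpath.commonpath([root, target]) == root
    except ValueError:
        # Raised when absolute and relative paths are mixed: reject.
        return False


# Constructed sample requests, not taken from any real system.
SAMPLES = [
    "/srv/app/public/css/site.css",         # inside the public directory
    "/srv/app/public",                      # the public directory itself
    "/srv/app/public-private/secrets.txt",  # sibling sharing the prefix
    "/srv/app/public_backup/db.sql",        # sibling sharing the prefix
    "/srv/app/public/../private/key.pem",   # normalizes outside the root
]


def compare(samples=SAMPLES):
    """Return (path, prefix_only_result, component_aware_result) rows."""
    return [(p, allowed_prefix_only(p), allowed_component_aware(p))
            for p in samples]


if __name__ == "__main__":
    for path, weak, strict in compare():
        flag = "  <-- checks disagree" if weak != strict else ""
        print(f"{path:40} prefix={weak!s:5} component={strict!s:5}{flag}")
```

The two checks disagree only on the sibling directories whose names begin with the public directory's name, which is the factor the prefix comparison leaves out.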
Source: MITRE CWE (cwe.mitre.org).