CWE-75
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Class
What it is
The product does not adequately filter user-controlled input for special elements with control implications.
Impact
| Scope | Impact |
| --- | --- |
| Integrity, Confidentiality, Availability | Modify Application Data, Execute Unauthorized Code or Commands |
Mitigations
- [Requirements] Programming languages and supporting technologies might be chosen which are not subject to these issues.
- [Implementation] Utilize an appropriate mix of allowlist and denylist parsing to filter special element syntax from all input.
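The implementation mitigation above, as an added example that is not part of the MITRE entry: a weak record writer beside one that applies an allowlist and then a denylist. The line-oriented `key=value` audit format, the function names and the sample input are all assumptions constructed for illustration.

```python
import re

# Assumed data plane: one audit record per line, key=value pairs separated by spaces.
# In that format newline, space and "=" are special elements with control meaning.
SPECIAL_ELEMENTS = {"\n", "\r", " ", "=", "\x00"}    # denylist for this format only
FIELD_ALLOWED = re.compile(r"[A-Za-z0-9._-]{1,32}")  # allowlist for every field

def format_record_unfiltered(user, action):
    """Weak form: user-controlled text is placed in the record unchanged."""
    return f"user={user} action={action}\n"

def check_field(value):
    """Allowlist first; the denylist still catches special elements
    if the allowlist is loosened later."""
    if not FIELD_ALLOWED.fullmatch(value):
        raise ValueError("field does not match allowlist")
    found = SPECIAL_ELEMENTS.intersection(value)
    if found:
        raise ValueError(f"field contains special elements: {sorted(found)!r}")
    return value

def format_record_filtered(user, action):
    """Hardened form: every field is checked before it enters the record."""
    return f"user={check_field(user)} action={check_field(action)}\n"

def parse_records(log):
    """Reader for the same format: what a downstream consumer sees."""
    records = []
    for line in log.splitlines():
        if line:
            records.append(dict(pair.split("=", 1) for pair in line.split(" ")))
    return records

def demo():
    # Constructed input: a single value carrying a line break and extra key=value pairs.
    crafted = "alice action=login\nuser=admin"
    weak = parse_records(format_record_unfiltered(crafted, "logout"))
    try:
        format_record_filtered(crafted, "logout")
        rejected = False
    except ValueError:
        rejected = True
    # One submitted value became two records in the weak form; the hardened form refused it.
    return len(weak), rejected

if __name__ == "__main__":
    print(demo())
```

The denylist here is specific to the assumed record format; each output plane (shell, SQL, markup, log lines) has its own set of special elements and needs its own list.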
Source: MITRE CWE.