- Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
- Out-of-bounds Write
- Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
- Cross-Site Request Forgery (CSRF)
- Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
- Out-of-bounds Read
- Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
- Use After Free
- Missing Authorization
- Unrestricted Upload of File with Dangerous Type
- Improper Control of Generation of Code (‘Code Injection’)
- Improper Input Validation
- Improper Neutralization of Special Elements used in a Command (‘Command Injection’)
- Improper Authentication
- Improper Privilege Management
- Deserialization of Untrusted Data
- Exposure of Sensitive Information to an Unauthorized Actor
- Incorrect Authorization
- Server-Side Request Forgery (SSRF)
- Improper Restriction of Operations within the Bounds of a Memory Buffer
- NULL Pointer Dereference
- Use of Hard-coded Credentials
- Integer Overflow or Wraparound
- Uncontrolled Resource Consumption
- Missing Authentication for Critical Function