CWE-184Incomplete List of Disallowed Inputs

PUBLISHEDweakness record
released 2006-07-19 · last modified 2025-12-11
CWE-184 - Incomplete List of Disallowed Inputs - Diagram

Metadata

CWE ID:
CWE-184
摘要:
Base
结构:
Simple
状态:
Draft
发布日期:
2006-07-19
更新日期:
2025-12-11

名称

Incomplete List of Disallowed Inputs

描述

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

常见后果

范围:
Access Control
影响:
Bypass Protection Mechanism
注释:
Attackers may be able to find other malicious inputs that were not expected by the developer, allowing them to bypass the intended protection mechanism.

相关 CWE