Home / Vulnerability Database / 1C : Resource injection

1C : Resource injection

Classification

OWASP Top 10 2013

A1-Injection A4-Insecure Direct Object References

OWASP Top 10 2017

A1-Injection

OWASP Top 10 2021

A3-Injection

OWASP ASVS

Validation, Sanitization and Encoding

PCI DSS 4.0

6.2.4

CWE

CWE-1027 CWE-1030

Overview

Running an external report or processing from an untrusted source allows an attacker to execute a file of an external module in a software way, bypassing the regular access control system.

References

OWASP Top 10 2013-A1-Injection
OWASP Top 10 2013-A4-Insecure Direct Object References
CWE-99: Improper Control of Resource Identifiers (‘Resource Injection’)
OWASP Top 10 2017-A1-Injection
CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection
CWE-1030

LOW

1C : Resource injection

Classification

Overview

References

DerScanner Severity Score

Do you want to fix 1C : Resource injection in your application?

See also

1C : Null encryption key

1C : Memory leak

1C : Empty encryption key