CWE-184 - CERT CVE

CWE-184 - Incomplete List of Disallowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.

CAPEC ID Naziv
CAPEC-120 Double Encoding
CAPEC-15 Command Delimiters
CAPEC-182 Flash Injection
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-6 Argument Injection
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-73 User-Controlled Filename
CAPEC-85 AJAX Fingerprinting