Tag: injection
Client-Side Template Injection (CSTI)
Attacker-controlled input rendered as a template expression by a client-side framework (AngularJS, Vue, Handlebars), executing JavaScript in the victim's browser.
CWE-1336 OWASP A3:2021
1w ago
security advanced
7.5
An adversarial technique where malicious instructions are injected into an LLM's context window — via user input, retrieved documents, or tool results — to hijack the model's behaviour.
1mo ago
ai_ml advanced
An attack where crafted user input overrides or hijacks an LLM's system instructions, causing it to ignore its intended behaviour and follow attacker-supplied commands instead.
CWE-74 OWASP LLM01:2025
1mo ago
ai_ml advanced
Prompt Injection Attacks (LLM Security)
An attack where malicious instructions embedded in user input or retrieved content override an LLM's system prompt — causing it to ignore its instructions, reveal confidential information, or take unintended actions.
2mo ago
security advanced
Variable Variables ($$var) Risks PHP 3.0+
$$var creates a variable whose name is the value of $var — using it with user input allows arbitrary variable access/creation and is effectively a backdoor.
2mo ago
security advanced
Cache Poisoning PHP 5.0+
An attacker manipulates a cached response so that subsequent users receive malicious content served from the cache.
CWE-346 OWASP A4:2021
2mo ago
security advanced
8.1
HTTP Response Splitting PHP 5.0+
Injecting CRLF sequences into HTTP headers causes the single response the server emits to be parsed as two separate responses by downstream clients or proxies, enabling cache poisoning and XSS.
CWE-113 OWASP A3:2021
2mo ago
security advanced
6.1
Insecure Deserialization PHP 5.0+
Untrusted data passed to unserialize() can trigger PHP magic methods and lead to remote code execution.
CWE-502 OWASP A8:2021
2mo ago
security advanced
9.8
PHAR Deserialization Attack PHP 5.0+
PHP's phar:// stream wrapper triggers deserialization of PHAR metadata on any file operation, enabling PHP object injection without unserialize().
CWE-502 OWASP A8:2021
2mo ago
security advanced
9.8
Prototype Pollution ES5
An attacker injects properties into JavaScript's Object.prototype, affecting all objects in the application.
CWE-1321 OWASP A3:2021
2mo ago
security advanced
8.1
Second-Order SQL Injection PHP 5.0+
Malicious data is safely stored in the database but later retrieved and used unsafely in a subsequent SQL query.
CWE-89 OWASP A3:2021
2mo ago
security advanced
8.8
The server is tricked into making HTTP requests to internal or unintended destinations on behalf of the attacker.
CWE-918 OWASP A10:2021
2mo ago
security advanced
8.6
Server-Side Template Injection (SSTI) PHP 5.0+
User input is embedded directly into a server-side template, allowing arbitrary code execution on the server.
CWE-1336 OWASP A3:2021
2mo ago
security advanced
9.8
Unicode Normalisation Attack PHP 5.3+
Exploiting differences in Unicode normalisation forms to bypass input filters — two visually identical strings that differ at the byte level.
CWE-176 OWASP A3:2021
2mo ago
security advanced
5.3
XML External Entity (XXE) PHP 5.0+
A vulnerable XML parser processes external entity references, letting attackers read local files or trigger SSRF.
CWE-611 OWASP A5:2021
2mo ago
security advanced
8.2