CodeClarityLab / Glossary
Ctrl K
← CodeClarityLab Home
Browse by Category
+ added · updated 7d
⚖ Terms of Use

Tag: injection

24 terms of 1444 total · page 1 of 2

Sort A → Z Recently Added Recently Updated Difficulty Most Viewed Most Rated Most Shared
Level All Beginner Intermediate Advanced Tag: injection
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
NoSQL Injection PHP 5.4+
Attacker-controlled input embedded into NoSQL queries (MongoDB, Redis, Couchbase) that subverts query intent — bypassing auth, exfiltrating data, or executing server-side code.
CWE-943 OWASP A3:2021
1w ago security intermediate 8.8
Server-Side Includes (SSI) Injection
Attacker-controlled SSI directives (`<!--#exec ... -->`) injected into pages parsed by Apache or another SSI-enabled server, achieving file disclosure or remote command execution.
CWE-97 OWASP A3:2021
1w ago security intermediate 9.8
extract() Security Risk PHP 4.0+
extract() creates variables from an array in the current scope — using it on user input ($_POST, $_GET) allows attackers to overwrite any local variable.
2mo ago security intermediate
Diagram: Arbitrary File Upload Arbitrary File Upload PHP 5.0+
Accepting file uploads without validating type, extension, and content can allow PHP shell uploads and RCE.
CWE-434 OWASP A4:2021
2mo ago security intermediate 9.8
Diagram: Command Injection Command Injection PHP 5.0+
User input passed to a shell function (exec, system, shell_exec) allows arbitrary OS command execution.
CWE-78 OWASP A3:2021
2mo ago security intermediate 9.8
CRLF Injection PHP 5.0+
Injecting carriage-return and line-feed characters into HTTP headers splits responses or injects new headers, enabling log poisoning and XSS.
CWE-93 OWASP A3:2021
2mo ago security intermediate 6.1
Email Header Injection PHP 5.0+
Injecting extra headers or recipients into mail() calls via unvalidated user input, enabling spam relay and phishing.
CWE-93 OWASP A3:2021
2mo ago security intermediate 6.5
escapeshellarg() PHP 5.0+
Wraps a string in single quotes and escapes internal quotes for safe use as a single shell argument.
2mo ago php intermediate
Eval Injection PHP 5.0+
User input passed to eval() executes as PHP code, giving attackers full server-side code execution.
CWE-95 OWASP A3:2021
2mo ago security intermediate 9.8
File Extension Bypass PHP 5.0+
Circumventing upload filters via double extensions, null bytes, or alternate MIME types to upload executable files disguised as safe ones.
CWE-434 OWASP A4:2021
2mo ago security intermediate 9.8
Header Injection PHP 5.0+
User input included in an HTTP response header without stripping newlines enables response splitting and redirect hijacking.
CWE-113 OWASP A3:2021
2mo ago security intermediate 6.1
Host Header Injection PHP 5.0+
A manipulated HTTP Host header is used by the application to generate URLs, enabling cache poisoning, password-reset hijacking, or SSRF.
CWE-116 OWASP A3:2021
2mo ago security intermediate 7.5
HTTP Parameter Pollution PHP 5.0+
Submitting duplicate HTTP parameters exploits inconsistencies in how servers and applications parse repeated keys.
CWE-235 OWASP A3:2021
2mo ago security intermediate 6.5
LDAP Injection PHP 5.6+
Unsanitised input manipulates LDAP query filters, bypassing authentication or exposing directory data.
CWE-90 OWASP A3:2021
2mo ago security intermediate 7.5
Local File Inclusion (LFI) PHP 5.0+
A PHP include/require driven by user input that can load arbitrary local files, sometimes leading to code execution.
CWE-98 OWASP A3:2021
2mo ago security intermediate 7.5
Log Injection PHP 5.0+
Writing unsanitised user input into log files allows attackers to forge log entries or inject control characters.
CWE-117 OWASP A9:2021
2mo ago security intermediate 5.3
Null Byte Injection PHP 5.0+
Inserting a %00 null byte into a filename or string can truncate it at the C layer, bypassing extension checks.
CWE-626 OWASP A3:2021
2mo ago security intermediate 7.5
Diagram: Path Traversal Path Traversal PHP 5.0+
User input used in a file path allows attackers to navigate outside the intended directory using ../ sequences.
CWE-22 OWASP A3:2021
2mo ago security intermediate 7.5
Remote File Inclusion (RFI) PHP 5.0+
An attacker tricks include() or require() into loading a PHP file from an attacker-controlled remote URL, achieving code execution.
CWE-98 OWASP A3:2021
2mo ago security intermediate 9.8
XML Injection PHP 5.0+
Unsanitised user input injected into XML documents alters their structure, potentially corrupting data or enabling further attacks.
CWE-91 OWASP A3:2021
2mo ago security intermediate 7.5
✓ schema.org compliant