Tag: injection
Client-Side Template Injection (CSTI)
Attacker-controlled input rendered as a template expression by a client-side framework (AngularJS, Vue, Handlebars), executing JavaScript in the victim's browser.
CWE-1336 OWASP A3:2021
2mo ago Security advanced 7.5
NoSQL Injection PHP 5.4+ 🧠 2
Attacker-controlled input embedded into NoSQL queries (MongoDB, Redis, Couchbase) that subverts query intent — bypassing auth, exfiltrating data, or executing server-side code.
CWE-943 OWASP A3:2021
2mo ago Security intermediate 8.8
Server-Side Includes (SSI) Injection
Attacker-controlled SSI directives (`<!--#exec ... -->`) injected into pages parsed by Apache or another SSI-enabled server, achieving file disclosure or remote command execution.
CWE-97 OWASP A3:2021
2mo ago Security intermediate 9.8
AI Context Poisoning 🧠 2
An adversarial technique where malicious instructions are injected into an LLM's context window — via user input, retrieved documents, or tool results — to hijack the model's behaviour.
3mo ago AI / ML advanced
Prompt Injection Attack 🧠 5
An attack where crafted user input overrides or hijacks an LLM's system instructions, causing it to ignore its intended behaviour and follow attacker-supplied commands instead.
CWE-74 OWASP LLM01:2025
3mo ago AI / ML advanced
Prompt Injection Attacks (LLM Security)
An attack where malicious instructions embedded in user input or retrieved content override an LLM's system prompt — causing it to ignore its instructions, reveal confidential information, or take unintended actions.
3mo ago Security advanced
extract() Security Risk PHP 4.0+
extract() creates variables from an array in the current scope — using it on user input ($_POST, $_GET) allows attackers to overwrite any local variable.
3mo ago Security intermediate
Variable Variables ($$var) Risks PHP 3.0+
$$var creates a variable whose name is the value of $var — using it with user input allows arbitrary variable access/creation and is effectively a backdoor.
3mo ago Security advanced
Arbitrary File Upload PHP 5.0+
Accepting file uploads without validating type, extension, and content can allow PHP shell uploads and RCE.
CWE-434 OWASP A4:2021
3mo ago Security intermediate 9.8
Cache Poisoning PHP 5.0+
An attacker manipulates a cached response so that subsequent users receive malicious content served from the cache.
CWE-346 OWASP A4:2021
3mo ago Security advanced 8.1
Command Injection PHP 5.0+ 🧠 1
User input passed to a shell function (exec, system, shell_exec) allows arbitrary OS command execution.
CWE-78 OWASP A3:2021
3mo ago Security intermediate 9.8
CRLF Injection PHP 5.0+
Injecting carriage-return and line-feed characters into HTTP headers splits responses or injects new headers, enabling log poisoning and XSS.
CWE-93 OWASP A3:2021
3mo ago Security intermediate 6.1
Email Header Injection PHP 5.0+
Injecting extra headers or recipients into mail() calls via unvalidated user input, enabling spam relay and phishing.
CWE-93 OWASP A3:2021
3mo ago Security intermediate 6.5
escapeshellarg() PHP 5.0+ 🧠 1
Wraps a string in single quotes and escapes internal quotes for safe use as a single shell argument.
3mo ago PHP intermediate
Eval Injection PHP 5.0+ 🧠 3
User input passed to eval() executes as PHP code, giving attackers full server-side code execution.
CWE-95 OWASP A3:2021
3mo ago Security intermediate 9.8
File Extension Bypass PHP 5.0+
Circumventing upload filters via double extensions, null bytes, or alternate MIME types to upload executable files disguised as safe ones.
CWE-434 OWASP A4:2021
3mo ago Security intermediate 9.8
Header Injection PHP 5.0+
User input included in an HTTP response header without stripping newlines enables response splitting and redirect hijacking.
CWE-113 OWASP A3:2021
3mo ago Security intermediate 6.1
Host Header Injection PHP 5.0+
A manipulated HTTP Host header is used by the application to generate URLs, enabling cache poisoning, password-reset hijacking, or SSRF.
CWE-116 OWASP A3:2021
3mo ago Security intermediate 7.5
HTML Injection PHP 5.0+
Unsanitised user input rendered as raw HTML allows attackers to inject arbitrary markup, defacing pages or phishing users.
CWE-80 OWASP A3:2021
3mo ago Security beginner 6.1
HTTP Parameter Pollution PHP 5.0+
Submitting duplicate HTTP parameters exploits inconsistencies in how servers and applications parse repeated keys.
CWE-235 OWASP A3:2021
3mo ago Security intermediate 6.5