Tag: injection
Client-Side Template Injection (CSTI)
Attacker-controlled input rendered as a template expression by a client-side framework (AngularJS, Vue, Handlebars), executing JavaScript in the victim's browser.
CWE-1336 OWASP A3:2021
1w ago security advanced 7.5
NoSQL Injection PHP 5.4+
Attacker-controlled input embedded into NoSQL queries (MongoDB, Redis, Couchbase) that subverts query intent — bypassing auth, exfiltrating data, or executing server-side code.
CWE-943 OWASP A3:2021
1w ago security intermediate 8.8
Server-Side Includes (SSI) Injection
Attacker-controlled SSI directives (`<!--#exec ... -->`) injected into pages parsed by Apache or another SSI-enabled server, achieving file disclosure or remote command execution.
CWE-97 OWASP A3:2021
1w ago security intermediate 9.8
AI Context Poisoning
An adversarial technique where malicious instructions are injected into an LLM's context window — via user input, retrieved documents, or tool results — to hijack the model's behaviour.
1mo ago ai_ml advanced
Prompt Injection Attack
An attack where crafted user input overrides or hijacks an LLM's system instructions, causing it to ignore its intended behaviour and follow attacker-supplied commands instead.
CWE-74 OWASP LLM01:2025
1mo ago ai_ml advanced
Prompt Injection Attacks (LLM Security)
An attack where malicious instructions embedded in user input or retrieved content override an LLM's system prompt — causing it to ignore its instructions, reveal confidential information, or take unintended actions.
2mo ago security advanced
extract() Security Risk PHP 4.0+
extract() creates variables from an array in the current scope — using it on user input ($_POST, $_GET) allows attackers to overwrite any local variable.
2mo ago security intermediate
Variable Variables ($$var) Risks PHP 3.0+
$$var creates a variable whose name is the value of $var — using it with user input allows arbitrary variable access/creation and is effectively a backdoor.
2mo ago security advanced
Arbitrary File Upload PHP 5.0+
Accepting file uploads without validating type, extension, and content can allow PHP shell uploads and RCE.
CWE-434 OWASP A4:2021
2mo ago security intermediate 9.8
Cache Poisoning PHP 5.0+
An attacker manipulates a cached response so that subsequent users receive malicious content served from the cache.
CWE-346 OWASP A4:2021
2mo ago security advanced 8.1
Command Injection PHP 5.0+
User input passed to a shell function (exec, system, shell_exec) allows arbitrary OS command execution.
CWE-78 OWASP A3:2021
2mo ago security intermediate 9.8
CRLF Injection PHP 5.0+
Injecting carriage-return and line-feed characters into HTTP headers splits responses or injects new headers, enabling log poisoning and XSS.
CWE-93 OWASP A3:2021
2mo ago security intermediate 6.1
Email Header Injection PHP 5.0+
Injecting extra headers or recipients into mail() calls via unvalidated user input, enabling spam relay and phishing.
CWE-93 OWASP A3:2021
2mo ago security intermediate 6.5
escapeshellarg() PHP 5.0+
Wraps a string in single quotes and escapes internal quotes for safe use as a single shell argument.
2mo ago php intermediate
Eval Injection PHP 5.0+
User input passed to eval() executes as PHP code, giving attackers full server-side code execution.
CWE-95 OWASP A3:2021
2mo ago security intermediate 9.8
File Extension Bypass PHP 5.0+
Circumventing upload filters via double extensions, null bytes, or alternate MIME types to upload executable files disguised as safe ones.
CWE-434 OWASP A4:2021
2mo ago security intermediate 9.8
Header Injection PHP 5.0+
User input included in an HTTP response header without stripping newlines enables response splitting and redirect hijacking.
CWE-113 OWASP A3:2021
2mo ago security intermediate 6.1
Host Header Injection PHP 5.0+
A manipulated HTTP Host header is used by the application to generate URLs, enabling cache poisoning, password-reset hijacking, or SSRF.
CWE-116 OWASP A3:2021
2mo ago security intermediate 7.5
HTML Injection PHP 5.0+
Unsanitised user input rendered as raw HTML allows attackers to inject arbitrary markup, defacing pages or phishing users.
CWE-80 OWASP A3:2021
2mo ago security beginner 6.1
HTTP Parameter Pollution PHP 5.0+
Submitting duplicate HTTP parameters exploits inconsistencies in how servers and applications parse repeated keys.
CWE-235 OWASP A3:2021
2mo ago security intermediate 6.5