CWE-75 34 件の CVE MITRE の定義 ↗

CWE-75: Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

概要

CWE-75(Failure to Sanitize Special Elements into a Different Plane (Special Element Injection))は各種脆弱性データベースや評価で用いられる弱点タイプを説明します。定義・背景・対応する CVE は以下の各セクションを参照してください。

セキュリティへの影響
セキュリティ影響:製品や文脈に依存します。CVE 記録、深刻度、MITRE の説明を参照して優先度を判断してください。

説明

The product does not adequately filter user-controlled input for special elements with control implications.

適用プラットフォーム

種別 名称 クラス 普遍性 OS / CPE
language Not Language-Specific Undetermined

このデータベースの関連 CVE

これらの CVE は本データベースでこの弱点に対応付けられており、追跡と検索のために保持されています。

CVE 公開 概要
CVE-2026-31908 2026-04-14 Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.…
CVE-2026-29042 2026-03-06 Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes…
CVE-2026-27120 2026-02-20 Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypa…
CVE-2024-27708 2025-12-22 Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter.
CVE-2025-61911 2025-10-10 python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escapi…
CVE-2025-50213 2025-06-24 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: bef…
CVE-2024-9940 2024-10-16 The Calculated Fields Form plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 5.2.45. This is due to the plugin not properly neutralizing HTML elements from sub…
CVE-2024-37779 2024-09-23 WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.
CVE-2024-39227 2024-08-06 GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE30…
CVE-2024-24257 2024-07-26 An issue in skteco.com Central Control Attendance Machine web management platform v.3.0 allows an attacker to obtain sensitive information via a crafted script to the csl/user component.
CVE-2024-39243 2024-06-26 An issue discovered in skycaiji 2.8 allows attackers to run arbitrary code via crafted POST request to /index.php?s=/admin/develop/editor_save.
CVE-2024-35373 2024-05-24 Mocodo Mocodo Online 4.2.6 and below is vulnerable to Remote Code Execution via /web/rewrite.php.
CVE-2024-31812 2024-04-08 In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig.
CVE-2024-31809 2024-04-08 TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a remote code execution (RCE) vulnerability via the FileName parameter in the setUpgradeFW function.
CVE-2024-31806 2024-04-08 TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a Denial-of-Service (DoS) vulnerability in the RebootSystem function which can reboot the system without authorization.
CVE-2024-21503 2024-03-19 Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could e…
CVE-2024-0801 2024-03-13 A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll.
CVE-2024-0044 2024-03-11 In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execu…
CVE-2024-23274 2024-03-07 An injection issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.
CVE-2024-23268 2024-03-07 An injection issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.

旧名称

  • Special Element Injection (2008-04-11)

コンテンツ投稿

名称
PLOVER
日付
2006-07-19
バージョン
Draft 3

コンテンツの変更履歴

日付 名称 バージョン 重要度 コメント
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships, Taxonomy_Mappings
2010-12-13 CWE Content Team 1.11 updated Description
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Relationships
2017-05-03 CWE Content Team 2.11 updated Potential_Mitigations, Related_Attack_Patterns
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Modes_of_Introduction, Relationships
2020-02-24 CWE Content Team 4.0 updated Relationships
2020-06-25 CWE Content Team 4.1 updated Potential_Mitigations
2021-10-28 CWE Content Team 4.6 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships, Time_of_Introduction
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Weakness_Ordinalities
2026-04-30 CWE Content Team 4.20 updated Mapping_Notes
cvelogic Threat Intelligence