CWE-99 57 個 CVE MITRE 定義 ↗

CWE-99:Improper Control of Resource Identifiers ('Resource Injection')

概覽

CWE-99(Improper Control of Resource Identifiers ('Resource Injection'))描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-15186 2026-07-09 A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument order…
CVE-2026-13493 2026-06-28 A flaw has been found in AIDC-AI ComfyUI-Copilot up to 2.0.28. This issue affects some unknown processing of the file backend/controller/conversation_api.py of the component Workflow Checkpoint Restor…
CVE-2026-12207 2026-06-14 A security flaw has been discovered in medkey-org medkey up to fc09b7ba9441ff590b72d428d5380834216b09ed. Impacted is the function actionGetPatientById of the file app\modules\medical\port\rest\control…
CVE-2026-10624 2026-06-02 A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the file /detailview.php of the component Employee View Pa…
CVE-2026-10299 2026-06-01 A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument d…
CVE-2026-10168 2026-05-31 A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file appli…
CVE-2026-9438 2026-05-25 A vulnerability was found in yashpokharna2555 StudentManagementSystem cb2f558ddf8d19396de0f92abf2d224d46a0a203. This impacts an unknown function of the file courseDel.php. The manipulation of the argu…
CVE-2026-33603 2026-05-12 Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the cl…
CVE-2026-7303 2026-04-28 A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java…
CVE-2026-5414 2026-04-02 A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. Affected by this issue is some unknown functionality of the file /omnidocs/WebApiRequestRedirection. The manipulation of the argum…
CVE-2026-5031 2026-03-29 A vulnerability was found in BichitroGan ISP Billing Software 2025.3.20. Impacted is an unknown function of the file /?_route=settings/users-view/ of the component Endpoint. The manipulation of the ar…
CVE-2026-3693 2026-03-07 A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function get_user_info/update_user_info of the file /src/backend/agentchat/api/v1/user.py of the component User End…
CVE-2025-12919 2025-11-09 A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulati…
CVE-2025-12918 2025-11-09 A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View …
CVE-2025-12270 2025-10-27 A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/{assignment_id}/tasks/{task_id}…
CVE-2025-43491 2025-09-09 A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted.
CVE-2025-9619 2025-08-29 A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results…
CVE-2025-9264 2025-08-20 A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component …
CVE-2025-9263 2025-08-20 A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.ja…
CVE-2025-8793 2025-08-10 A vulnerability classified as problematic was found in LitmusChaos Litmus up to 3.19.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument projectID leads to …

曾用名

  • Resource Injection (2008-04-11)
  • Insufficient Control of Resource Identifiers (aka 'Resource Injection') (2009-05-27)

內容提交

名稱
7 Pernicious Kingdoms
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Time_of_Introduction
2008-08-01 1.0 added/updated white box definitions
2008-09-08 CWE Content Team 1.0 updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities
2009-05-27 CWE Content Team 1.4 updated Description, Name
2009-07-17 KDM Analytics 1.5 Improved the White_Box_Definition
2009-07-27 CWE Content Team 1.5 updated White_Box_Definitions
2011-06-01 CWE Content Team 1.13 updated Common_Consequences, Other_Notes
2012-05-11 CWE Content Team 2.2 updated Common_Consequences, Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2013-02-21 CWE Content Team 2.4 updated Alternate_Terms, Maintenance_Notes, Other_Notes, Relationships
2013-07-17 CWE Content Team 2.5 updated Relationships
2014-06-23 CWE Content Team 2.7 updated Alternate_Terms, Description, Relationship_Notes, Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2015-12-07 CWE Content Team 2.9 updated Relationships
2017-01-19 CWE Content Team 2.10 updated Relationships
2017-05-03 CWE Content Team 2.11 updated Related_Attack_Patterns, Relationships
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Causal_Nature, Modes_of_Introduction, Relationships, White_Box_Definitions
2019-01-03 CWE Content Team 3.2 updated References, Relationships, Taxonomy_Mappings
2019-06-20 CWE Content Team 3.3 updated Relationships
2020-02-24 CWE Content Team 4.0 updated Other_Notes, Potential_Mitigations, References, Relationships, Type
2020-08-20 CWE Content Team 4.2 updated Relationships
2020-12-10 CWE Content Team 4.3 updated Relationships
2021-10-28 CWE Content Team 4.6 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Observed_Examples
2025-12-11 CWE Content Team 4.19 updated Relationships
cvelogic Threat Intelligence