
CWE-707 (Improper Neutralization) — Vulnerability Class 192

192 vulnerabilities classified as CWE-707 (Improper Neutralization). AI analysis in Chinese included.

CWE-707 represents a critical input validation weakness where software fails to properly sanitize structured data before processing or transmission. This flaw typically allows attackers to inject malicious payloads, such as SQL injection strings or cross-site scripting code, by exploiting the system’s inability to distinguish between legitimate data and executable commands. When malformed messages are misinterpreted, they can trigger unintended behaviors, leading to data breaches, system compromise, or denial of service. Developers mitigate this risk by implementing rigorous neutralization techniques, including strict input validation, output encoding, and parameterized queries. By ensuring that all structured messages are well-formed and adhere to expected security properties before being handled by downstream components, engineers can effectively prevent attackers from manipulating the application’s logic and maintain the integrity of the data flow.

MITRE CWE Description

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. If a message is malformed, it may cause the message to be incorrectly interpreted.

Neutralization is an abstract term for any technique that ensures that input (and output) conforms with expectations and is "safe." This can be done by:

- checking that the input/output is already "safe" (e.g. validation)
- transformation of the input/output to be "safe" using techniques such as filtering, encoding/decoding, escaping/unescaping, quoting/unquoting, or canonicalization
- preventing the input/output from being directly provided by an attacker (e.g. "indirect selection" that maps externally-provided values to internally-controlled values)
- preventing the input/output from being processed at all

This weakness typically applies in cases where the product prepares a control message that another process must act on, such as a command or query, and malicious input that was intended as data can enter the control plane instead. However, this weakness also applies to more general cases where there are not always control implications.

Common Consequences (1)

Scope: Other; Impact: Other

CVE ID | Title | CVSS | Severity | Published
CVE-2022-3733 | SourceCodester Web-Based Student Clearance System edit-admin.php sql injection — Web-Based Student Clearance System | 5.0 | Medium | 2022-10-28
CVE-2022-3714 | SourceCodester Online Medicine Ordering System sql injection — Online Medicine Ordering System | 5.0 | Medium | 2022-10-27
CVE-2022-3716 | SourceCodester Online Medicine Ordering System cross site scripting — Online Medicine Ordering System | 3.5 | Low | 2022-10-27
CVE-2022-3672 | SourceCodester Sanitization Management System SystemSettings.php cross site scripting — Sanitization Management System | 3.5 | Low | 2022-10-26
CVE-2022-3673 | SourceCodester Sanitization Management System Master.php cross site scripting — Sanitization Management System | 3.5 | Low | 2022-10-26
CVE-2022-3704 | Ruby on Rails _table.html.erb cross site scripting — Ruby on Rails | 3.5 | Low | 2022-10-26
CVE-2022-3579 | SourceCodester Cashier Queuing System Login Page login.php sql injection — Cashier Queuing System | 6.3 | Medium | 2022-10-18
CVE-2022-3580 | SourceCodester Cashier Queuing System User Creation cross site scripting — Cashier Queuing System | 2.4 | Low | 2022-10-18
CVE-2022-3581 | SourceCodester Cashier Queuing System Cashiers Tab cross site scripting — Cashier Queuing System | 2.4 | Low | 2022-10-18
CVE-2022-3583 | SourceCodester Canteen Management System login.php sql injection — Canteen Management System | 7.3 | High | 2022-10-18
CVE-2022-3584 | SourceCodester Canteen Management System edituser.php sql injection — Canteen Management System | 6.3 | Medium | 2022-10-18
CVE-2022-3587 | SourceCodester Simple Cold Storage Management System My Account cross site scripting — Simple Cold Storage Management System | 3.5 | Low | 2022-10-18
CVE-2022-3546 | SourceCodester Simple Cold Storage Management System Create User cross site scripting — Simple Cold Storage Management System | 2.4 | Low | 2022-10-17
CVE-2022-3547 | SourceCodester Simple Cold Storage Management System Setting cross site scripting — Simple Cold Storage Management System | 2.4 | Low | 2022-10-17
CVE-2022-3548 | SourceCodester Simple Cold Storage Management System Add New Storage cross site scripting — Simple Cold Storage Management System | 2.4 | Low | 2022-10-17
CVE-2022-3518 | SourceCodester Sanitization Management System User Creation cross site scripting — Sanitization Management System | 2.4 | Low | 2022-10-15
CVE-2022-3519 | SourceCodester Sanitization Management System Quote Requests Tab cross site scripting — Sanitization Management System | 2.4 | Low | 2022-10-15
CVE-2022-3495 | SourceCodester Simple Online Public Access Catalog Admin Login sql injection — Simple Online Public Access Catalog | 7.3 | High | 2022-10-14
CVE-2022-3497 | SourceCodester Human Resource Management System Master List cross site scripting — Human Resource Management System | 3.5 | Low | 2022-10-14
CVE-2022-3502 | Human Resource Management System Leave cross site scripting — Human Resource Management System | 3.5 | Low | 2022-10-14
CVE-2022-3503 | SourceCodester Purchase Order Management System Supplier cross site scripting — Purchase Order Management System | 3.5 | Low | 2022-10-14
CVE-2022-3504 | SourceCodester Sanitization Management System sql injection — Sanitization Management System | 6.3 | Medium | 2022-10-14
CVE-2022-3505 | SourceCodester Sanitization Management System cross site scripting — Sanitization Management System | 3.5 | Low | 2022-10-14
CVE-2022-3492 | SourceCodester Human Resource Management System Profile Photo os command injection — Human Resource Management System | 6.3 | Medium | 2022-10-13
CVE-2022-3493 | SourceCodester Human Resource Management System Add Employee cross site scripting — Human Resource Management System | 3.5 | Low | 2022-10-13
CVE-2022-3464 | puppyCMS settings.php cross site scripting — puppyCMS | 4.3 | Medium | 2022-10-12
CVE-2022-3467 | Jiusi OA hntdCustomDesktopActionContent sql injection — OA | 5.5 | Medium | 2022-10-12
CVE-2022-3470 | SourceCodester Human Resource Management System getstatecity.php sql injection — Human Resource Management System | 6.3 | Medium | 2022-10-12
CVE-2022-3471 | SourceCodester Human Resource Management System city.php sql injection — Human Resource Management System | 6.3 | Medium | 2022-10-12
CVE-2022-3472 | SourceCodester Human Resource Management System city.php sql injection — Human Resource Management System | 6.3 | Medium | 2022-10-12

Vulnerabilities classified as CWE-707 (Improper Neutralization) represent 192 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.