
CWE-707 (Improper Handling of Messages or Data Structures) — Vulnerability Class, 192 CVEs

192 vulnerabilities classified as CWE-707 (Improper Handling of Messages or Data Structures). AI Chinese analysis included.

CWE-707 represents a critical input validation weakness where software fails to properly sanitize structured data before processing or transmission. This flaw typically allows attackers to inject malicious payloads, such as SQL injection strings or cross-site scripting code, by exploiting the system’s inability to distinguish between legitimate data and executable commands. When malformed messages are misinterpreted, they can trigger unintended behaviors, leading to data breaches, system compromise, or denial of service. Developers mitigate this risk by implementing rigorous neutralization techniques, including strict input validation, output encoding, and parameterized queries. By ensuring that all structured messages are well-formed and adhere to expected security properties before being handled by downstream components, engineers can effectively prevent attackers from manipulating the application’s logic and maintain the integrity of the data flow.

MITRE CWE Description
The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. If a message is malformed, it may cause the message to be incorrectly interpreted.

Neutralization is an abstract term for any technique that ensures that input (and output) conforms with expectations and is "safe." This can be done by:

- checking that the input/output is already "safe" (e.g. validation)
- transformation of the input/output to be "safe" using techniques such as filtering, encoding/decoding, escaping/unescaping, quoting/unquoting, or canonicalization
- preventing the input/output from being directly provided by an attacker (e.g. "indirect selection" that maps externally-provided values to internally-controlled values)
- preventing the input/output from being processed at all

This weakness typically applies in cases where the product prepares a control message that another process must act on, such as a command or query, and malicious input that was intended as data can enter the control plane instead. However, this weakness also applies to more general cases where there are not always control implications.
Common Consequences (1)
Other
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2022-4514 | Opencaching Deutschland oc-server3 varset.inc.php cross site scripting | oc-server3 | 3.5 | Low | 2022-12-15 |
| CVE-2022-4513 | European Environment Agency eionet.contreg cross site scripting | eionet.contreg | 3.5 | Low | 2022-12-15 |
| CVE-2022-4456 | falling-fruit cross site scripting | falling-fruit | 3.5 | Low | 2022-12-13 |
| CVE-2022-4454 | m0ver bible-online Search search.java query sql injection | bible-online | 5.5 | Medium | 2022-12-13 |
| CVE-2022-4444 | ipti br.tag cross site scripting | br.tag | 3.5 | Low | 2022-12-13 |
| CVE-2021-4244 | yikes-inc-easy-mailchimp-extender Plugin add_field_to_form.php cross site scripting | yikes-inc-easy-mailchimp-extender Plugin | 2.6 | Low | 2022-12-12 |
| CVE-2022-4421 | rAthena FluxCP Service Desk Image URL view.php cross site scripting | FluxCP | 3.5 | Low | 2022-12-12 |
| CVE-2022-4416 | RainyGao DocSys getReposAllUsers.do getReposAllUsers sql injection | DocSys | 6.3 | Medium | 2022-12-12 |
| CVE-2022-4403 | SourceCodester Canteen Management System ajax_represent.php sql injection | Canteen Management System | 6.3 | Medium | 2022-12-11 |
| CVE-2022-4401 | pallidlight online-course-selection-system cross site scripting | online-course-selection-system | 3.5 | Low | 2022-12-11 |
| CVE-2022-4400 | zbl1996 FS-Blog Title cross site scripting | FS-Blog | 3.5 | Low | 2022-12-11 |
| CVE-2022-4399 | TicklishHoneyBee nodau db.c sql injection | nodau | 5.5 | Medium | 2022-12-10 |
| CVE-2022-4396 | RDFlib pyrdfa3 __init__.py _get_option cross site scripting | pyrdfa3 | 3.5 | Low | 2022-12-10 |
| CVE-2022-4377 | S-CMS Contact Information Page cross site scripting | S-CMS | 3.5 | Low | 2022-12-09 |
| CVE-2022-4375 | Mingsoft MCMS list sql injection | MCMS | 6.3 | Medium | 2022-12-09 |
| CVE-2020-36609 | annyshow DuxCMS Article edit cross site scripting | DuxCMS | 2.4 | Low | 2022-12-08 |
| CVE-2022-4354 | LinZhaoguan pb-cms Message Board comment cross site scripting | pb-cms | 4.3 | Medium | 2022-12-08 |
| CVE-2022-4353 | LinZhaoguan pb-cms IpUtil.getIpAddr cross site scripting | pb-cms | 3.5 | Low | 2022-12-08 |
| CVE-2022-4350 | Mingsoft MCMS search.do cross site scripting | MCMS | 3.5 | Low | 2022-12-08 |
| CVE-2022-4348 | y_project RuoYi-Cloud JSON cross site scripting | RuoYi-Cloud | 3.5 | Low | 2022-12-08 |
| CVE-2022-4347 | xiandafu beetl-bbs WebUtils.java cross site scripting | beetl-bbs | 3.5 | Low | 2022-12-08 |
| CVE-2022-4341 | csliuwy coder-chain_gdut cross site scripting | coder-chain_gdut | 3.5 | Low | 2022-12-07 |
| CVE-2022-4322 | maku-boot Scheduled Task AbstractScheduleJob.java doExecute injection | maku-boot | 6.3 | Medium | 2022-12-07 |
| CVE-2022-4300 | FastCMS Template edit injection | FastCMS | 6.3 | Medium | 2022-12-06 |
| CVE-2022-4282 | SpringBootCMS Template Management injection | SpringBootCMS | 4.7 | Medium | 2022-12-05 |
| CVE-2022-4278 | SourceCodester Human Resource Management System employeeadd.php sql injection | Human Resource Management System | 4.7 | Medium | 2022-12-03 |
| CVE-2022-4274 | House Rental System view-property.php sql injection | House Rental System | 6.3 | Medium | 2022-12-03 |
| CVE-2022-4275 | House Rental System POST Request search-property.php sql injection | House Rental System | 6.3 | Medium | 2022-12-03 |
| CVE-2022-4277 | Shaoxing Background Management System Bd sql injection | Background Management System | 6.3 | Medium | 2022-12-03 |
| CVE-2022-4279 | SourceCodester Human Resource Management System employeeview.php cross site scripting | Human Resource Management System | 3.5 | Low | 2022-12-03 |

Vulnerabilities classified as CWE-707 (Improper Handling of Messages or Data Structures) represent 192 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.