
CWE-790 (Improper Filtering of Special Elements) — Vulnerability Class 10

10 vulnerabilities classified as CWE-790 (Improper Filtering of Special Elements). AI Chinese analysis included.

CWE-790 is an input validation weakness in which software receives data from an untrusted upstream source and either does not filter special characters or structural elements, or filters them incorrectly, before passing the data on. The usual failure is a denylist filter that strips a known-bad token once, in a single pass, or in only one encoding: an attacker supplies a payload that survives the filter (for example a traversal sequence that reassembles itself after one removal, or a cross-site scripting or command injection sequence in a form the filter does not recognise) and the unfiltered elements reach a downstream interpreter, database, shell or file system, where they change execution logic and lead to data exposure, system compromise or unauthorized access. The mitigation is to validate rather than strip: accept input against an allow-list of expected characters and structure, canonicalize it before checking it, and reject anything that does not conform. Where the data must carry special characters, use parameterized queries and context-aware output encoding so the downstream component treats them as data rather than as code.

MITRE CWE Description
The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.
Common Consequences (1)
Integrity: Unexpected State
Examples (1)
The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.

Bad example (Perl):

    my $Username = GetUntrustedInput();      # untrusted data from the upstream component
    $Username =~ s/\.\.\///;                 # no /g modifier: removes only the first "../"
    my $filename = "/home/user/" . $Username;
    ReadAndSendFile($filename);              # downstream component reads the resulting path

Attack input: ../../../etc/passwd

The substitution is applied once, so only the first "../" is removed; "../../etc/passwd" survives, and "/home/user/../../etc/passwd" resolves to /etc/passwd. Adding the /g modifier does not fix the weakness either, since an input such as "....//" collapses to "../" after a single global pass.
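The following Python script is an added example, not code from this page or from MITRE's CWE entry; it reproduces the CWE-790 filter from the Perl example above, and the allow-list and canonicalization mitigation described in the summary, so that the bypasses can be checked offline. The base directory /home/user and the allowed username shape are taken from the example and are assumptions of this demonstration; the path resolution is done with posixpath.normpath on strings only, so no files are touched. It goes beyond the page's single input by also showing the single-pass global removal bypass.

```python
"""CWE-790 worked example: three filters for "../" and a validating alternative."""
import posixpath
import re

BASE_DIR = "/home/user"  # assumed base directory, as in the CWE example

# Allow-list for the hypothetical username: alphanumerics, "_", ".", "-";
# must not start with "." so ".." and hidden-file names are rejected outright.
USERNAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}")


def filter_once(username: str) -> str:
    """Mirror of the Perl  s/\\.\\.\\///  (no /g): strips only the first '../'."""
    return re.sub(r"\.\./", "", username, count=1)


def filter_global(username: str) -> str:
    """Single-pass global removal (s/\\.\\.\\///g). Still bypassable: '....//' -> '../'."""
    return re.sub(r"\.\./", "", username)


def filter_until_stable(username: str) -> str:
    """Repeat the removal until the string stops changing.

    This defeats the reassembly bypass, but it is still a denylist: it knows
    nothing about other encodings ("..%2f", backslashes) a downstream
    component might decode, which is why allow-listing is preferred.
    """
    prev, cur = None, username
    while cur != prev:
        prev, cur = cur, re.sub(r"\.\./", "", cur)
    return cur


def resolve_naive(filtered: str) -> str:
    """What the downstream file reader ends up opening (string-level normpath)."""
    return posixpath.normpath(posixpath.join(BASE_DIR, filtered))


def escapes_base(resolved: str) -> bool:
    """True if the resolved path lies outside BASE_DIR."""
    return not resolved.startswith(BASE_DIR + "/")


def safe_path(username: str):
    """Validate instead of strip: allow-list, then canonicalize, then check containment.

    Returns the resolved path, or None if the input is rejected.  In a real
    program use os.path.realpath on the joined path so symlinks are resolved
    before the containment check; normpath is used here so the demo runs offline.
    """
    if not USERNAME_RE.fullmatch(username):
        return None
    resolved = posixpath.normpath(posixpath.join(BASE_DIR, username))
    if escapes_base(resolved):  # defense in depth; the allow-list already blocks ".."
        return None
    return resolved


if __name__ == "__main__":
    # Constructed attack inputs for the demonstration.
    payloads = ["../../../etc/passwd", "....//....//etc/passwd", "alice", ".."]
    for p in payloads:
        print(f"{p!r}")
        for name, fn in (("once", filter_once), ("global", filter_global),
                         ("stable", filter_until_stable)):
            r = resolve_naive(fn(p))
            print(f"  {name:7s} -> {r}  escapes={escapes_base(r)}")
        print(f"  safe    -> {safe_path(p)}")
```

The first two filters are the CWE-790 pattern: each removes the token it was told about, yet the attacker's path still resolves to /etc/passwd. safe_path never tries to repair the input; anything that is not a plain username is refused before it reaches the file system.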

Vulnerabilities classified as CWE-790 (Improper Filtering of Special Elements) represent 10 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.