4 vulnerabilities classified as CWE-792 (Incomplete Filtering of One or More Instances of Special Elements). AI analysis in Chinese included.
CWE-792 describes an input-validation weakness in which software filters special elements out of untrusted input but does not remove every instance of them. It typically arises when a filter removes only the first occurrence of a sequence (a regex substitution without a global modifier, for example), when removing one instance exposes another that was nested inside it, or when the filter handles some special elements but not others (for instance `../` but not its backslash or percent-encoded forms). An attacker bypasses such a filter by supplying the element several times or nested, and the surviving instances reach a downstream component, where they enable path traversal, cross-site scripting, command injection or similar attacks. A filter that must strip elements should therefore repeat until a pass changes nothing, but stripping is inherently fragile: where possible, canonicalise the input (decode, then normalise) and validate the result against an allow-list or a containment check, rejecting rather than repairing anything that fails, and rely on well-tested encoding and validation libraries for the downstream context.
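To make the mechanism concrete, the following Python example (added here; it is not code from this page or from any of the listed products) contrasts a first-occurrence filter, an iterative filter, and a canonicalise-then-check approach. The base directory `/home/user` follows the Perl snippet on this page; the two payloads, the function names and the `build_path` / `resolve_safely` helpers are constructed for this example.

```python
import posixpath
from typing import Optional

# Assumed base directory, taken from the page's "/home/user/" example.
BASE_DIR = "/home/user"

# Constructed attacker inputs for this example (not taken from any listed CVE).
PAYLOAD_REPEATED = "../../../etc/passwd"   # several instances of the same special element
PAYLOAD_NESTED = "....//etc/passwd"        # removing one "../" leaves a fresh "../" behind


def filter_first_only(path: str) -> str:
    """The CWE-792 pattern: strip only the first '../' (like Perl s/\\.\\.\\/// without /g)."""
    return path.replace("../", "", 1)


def filter_iterative(path: str) -> str:
    """Strip '../' until none remains, so nested forms such as '....//' collapse as well.

    Terminates because every pass removes at least one occurrence and shortens the string.
    """
    while "../" in path:
        path = path.replace("../", "")
    return path


def build_path(base_dir: str, user_part: str) -> str:
    """Join and lexically normalise, mirroring how the OS resolves the final path."""
    return posixpath.normpath(posixpath.join(base_dir, user_part))


def resolve_safely(base_dir: str, user_part: str) -> Optional[str]:
    """Preferred approach: do not sanitise; canonicalise, then require containment in base_dir.

    An absolute user_part makes posixpath.join discard base_dir, so it fails containment too.
    """
    base = posixpath.normpath(base_dir)
    candidate = build_path(base, user_part)
    if candidate == base or candidate.startswith(base + "/"):
        return candidate
    return None


if __name__ == "__main__":
    for payload in (PAYLOAD_REPEATED, PAYLOAD_NESTED):
        print(repr(payload))
        print("  first-only  ->", build_path(BASE_DIR, filter_first_only(payload)))
        print("  iterative   ->", build_path(BASE_DIR, filter_iterative(payload)))
        print("  containment ->", resolve_safely(BASE_DIR, payload))
```

The containment check decides on where the final path lands, not on what the string looks like: `....//etc/passwd` is accepted because it resolves to a literal `....` directory inside the base, while every variant that escapes the base is rejected. Run it after any decoding layer (URL decoding, for instance), because a filter that sees `%2e%2e/` before a later decoder turns it into `../` is the "one or more special elements" case the CWE names. `normpath` is purely lexical so the example runs offline; in a real server use `os.path.realpath` so symlinks are resolved as well.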
This Perl snippet (the CWE entry's demonstrative example) removes only the first `../` from the user-supplied value, because the substitution has no `/g` modifier:

```perl
my $Username = GetUntrustedInput();
$Username =~ s/\.\.\///;                     # strips only the FIRST "../" (no /g)
my $filename = "/home/user/" . $Username;   # remaining "../" sequences survive into the path
ReadAndSendFile($filename);
```

An input of `../../../etc/passwd` becomes `../../etc/passwd` after the substitution, so `$filename` is `/home/user/../../etc/passwd`, which still resolves to `/etc/passwd`.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12758 | Validator.js security vulnerability — validator | 7.5 | High | 2025-11-27 |
| CVE-2023-25608 | Fortinet FortiAP-W2 security vulnerability — FortiAP-W2 | 5.2 | Medium | 2023-09-13 |
| CVE-2022-22297 | Fortinet FortiWeb security vulnerability — FortiRecorder | 5.2 | Medium | 2023-03-07 |
| CVE-2023-20057 | Cisco Email Security Appliance injection vulnerability — Cisco Email Security Appliance (ESA) | - | - | 2023-01-19 |
Vulnerabilities classified as CWE-792 (Incomplete Filtering of One or More Instances of Special Elements) account for 4 CVEs. The CWE taxonomy describes the weakness; review the individual CVEs for product-specific impact.