Description
The product does not adequately filter user-controlled input for special elements with control implications.
Potential Impact
Integrity, Confidentiality, Availability
Modify Application Data, Execute Unauthorized Code or Commands
Mitigations & Prevention
Choose programming languages and supporting technologies that are not subject to these issues.
Utilize an appropriate mix of allowlist and denylist parsing to filter special element syntax from all input.
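Added example (not part of the CWE entry): a minimal sketch of the allowlist-plus-denylist mitigation above, shown beside the weak form it replaces. The line-oriented "key=value" record format, the field names, and all function names are assumptions made for illustration; the sample input is constructed.

```python
import re

# Hypothetical record format: one "key=value" pair per line. Newline and "="
# are the special elements that separate data from structure.
ALLOWED_VALUE = re.compile(r"[A-Za-z0-9_.@-]{1,64}")  # allowlist for values
DENIED_CHARS = {"\n", "\r", "=", "\x00"}  # denylist backstop if the allowlist is loosened

CONSTRUCTED_INPUT = "alice\nrole=admin"  # constructed sample: embedded newline


def serialize_unsafe(display_name: str) -> str:
    """Weak form: user input is concatenated straight into the record."""
    return f"role=user\nname={display_name}\n"


def validate_value(value: str) -> str:
    """Allowlist check first, then the denylist as defence in depth."""
    if not ALLOWED_VALUE.fullmatch(value):
        raise ValueError("value contains characters outside the allowlist")
    if any(ch in DENIED_CHARS for ch in value):
        raise ValueError("value contains a record delimiter")
    return value


def serialize_safe(display_name: str) -> str:
    """Hardened form: only validated values reach the record."""
    return f"role=user\nname={validate_value(display_name)}\n"


def parse(record: str) -> dict:
    """Consumer side: later lines overwrite earlier ones."""
    fields = {}
    for line in record.splitlines():
        if line:
            key, _, value = line.partition("=")
            fields[key] = value
    return fields


if __name__ == "__main__":
    # The unfiltered newline turns user data into a second "role" field.
    print(parse(serialize_unsafe(CONSTRUCTED_INPUT)))
    try:
        serialize_safe(CONSTRUCTED_INPUT)
    except ValueError as exc:
        print("rejected:", exc)
```

Validation runs where the record is built, so a delimiter in user data is rejected before it can be read as structure by the consumer.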
Related Weaknesses
Taxonomy Mappings
- PLOVER: Special Element Injection
Frequently Asked Questions
What is CWE-75?
CWE-75 (Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Class-level weakness. The product does not adequately filter user-controlled input for special elements with control implications.
How can CWE-75 be exploited?
Attackers can exploit CWE-75 (Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)) to modify application data or to execute unauthorized code or commands. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-75?
Key mitigations include choosing programming languages and supporting technologies that are not subject to these issues.
What is the severity of CWE-75?
CWE-75 is classified as a Class-level weakness (High abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.