CWE-181
Incorrect Behavior Order: Validate Before Filter
Variant · Draft
Description
The product validates data before it has been filtered, which prevents the product from detecting data that becomes invalid after the filtering step.
This can be used by an attacker to bypass the validation and launch attacks that expose weaknesses that would otherwise be prevented, such as injection.
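The ordering problem described above, shown as an added example that is not part of the CWE entry: the same filter and the same validator are applied in both orders, and a helper lists the inputs on which the two orders disagree. The filter rule (dropping NUL bytes and '~'), the function names and the sample inputs are assumptions made for illustration.

```python
# Added illustration; the filter rule and function names are assumptions.

def strip_filter(value: str) -> str:
    """Filtering step: drop NUL bytes and '~' (a hypothetical application rule)."""
    return value.replace("\x00", "").replace("~", "")


def is_valid_name(value: str) -> bool:
    """Validation step: a non-empty name with no traversal sequence or separator."""
    return bool(value) and ".." not in value and "/" not in value and "\\" not in value


def accept_validate_then_filter(value: str):
    """Weak order (CWE-181): the check sees the raw value, not what is used."""
    if not is_valid_name(value):
        return None
    return strip_filter(value)  # may produce a value that was never checked


def accept_filter_then_validate(value: str):
    """Corrected order: validate exactly the value that will be used."""
    filtered = strip_filter(value)
    return filtered if is_valid_name(filtered) else None


def order_mismatches(samples):
    """Return inputs for which the two orders disagree (regression-test helper)."""
    return [s for s in samples
            if accept_validate_then_filter(s) != accept_filter_then_validate(s)]


# Constructed sample inputs, not taken from any real system.
SAMPLES = ["report.txt", "re~port.txt", "..", ".~.", "~"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), accept_validate_then_filter(s), accept_filter_then_validate(s))
    print("disagree:", order_mismatches(SAMPLES))
```

Running order_mismatches over a corpus of boundary inputs works as a regression test: any non-empty result means some value reaches use in a form the validator never saw.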
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-120 · CAPEC-267 · CAPEC-3 · CAPEC-43 · CAPEC-78 · CAPEC-79 · CAPEC-80
CVEs mapped to this weakness (0)