VYPR

CWE-99

Improper Control of Resource Identifiers ('Resource Injection')

Class · Draft · Likelihood: High

Description

The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-240 · CAPEC-75

CVEs mapped to this weakness (30)

page 2 of 2
  • CVE-2025-8793 · Med · Aug 10, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability classified as problematic was found in LitmusChaos Litmus up to 3.19.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument projectID leads to improper control of resource identifiers. The attack can be launched remotely.…

  • CVE-2025-3405 · Med · Apr 8, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability was found in FCJ Venture Builder appclientefiel 3.0.27. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /rest/cliente/ObterPedido/ of the component HTTP GET Request Handler. The manipulation of the…

  • CVE-2025-1575 · Med · Feb 23, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    A vulnerability classified as problematic has been found in Harpia DiagSystem 12. Affected is an unknown function of the file /diagsystem/PACS/atualatendimento_jpeg.php. The manipulation of the argument cod/codexame leads to improper control of resource identifiers. It is…

  • CVE-2025-6534 · Med · Jun 24, 2025
    risk 0.27 · cvss 4.2 · epss 0.00

    A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component File Handler. The manipulation…

  • CVE-2026-10299 · Low · Jun 1, 2026
    risk 0.25 · cvss 3.8 · epss 0.00

    A weakness has been identified in code-projects Online Hospital Management System 1.0. This issue affects some unknown processing of the file viewdoctortimings.php. This manipulation of the argument delid causes improper control of resource identifiers. The attack can be…

  • CVE-2025-12919 · Low · Nov 9, 2025
    risk 0.24 · cvss 3.7 · epss 0.00

    A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument uuid results in improper control of resource identifiers.…

  • CVE-2025-12918 · Low · Nov 9, 2025
    risk 0.20 · cvss 3.1 · epss 0.00

    A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the argument invoice_id results in…

  • CVE-2026-7303 · Low · Apr 28, 2026
    risk 0.17 · cvss 3.7 · epss 0.00

    A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution Log Handler. The manipulation of the argument logId…

  • CVE-2023-2980 · May 30, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. This vulnerability affects unknown code of the component User Creation Handler. The manipulation leads to improper control of resource identifiers. The attack can be initiated remotely. The exploit…

  • CVE-2020-5230 · Jan 30, 2020
    risk 0.00 · cvss · epss 0.01

    Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be problematic for operation and security since such identifiers are sometimes used for file system operations which may lead to an attacker being able to escape…