CWE-15 - External Control of System or Configuration Setting
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2006-07-19
- Latest Modification Date:2023-06-29
Weakness Name
External Control of System or Configuration Setting
Description
One or more system settings or configuration elements can be externally controlled by a user.
Allowing external control of system settings can disrupt service or cause an application to behave in unexpected, and potentially malicious ways.
Common Consequences
Scope: Other
Impact: Varies by Context
Related Weaknesses
CWE-20Improper Input ValidationHigh
CWE-610Externally Controlled Reference to a Resource in Another Sphere
Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data
Port of Seattle says ransomware breach impacts 90,000 people
PoisonSeed phishing campaign behind emails with wallet seed phrases
Australian pension funds hit by wave of credential stuffing attacks
Europcar GitLab breach exposes data of up to 200,000 customers
OpenAI's $20 ChatGPT Plus is now free for students until the end of May
SpotBugs Access Token Theft Identified as Root Cause of GitHub Supply Chain Attack
Critical Ivanti Flaw Actively Exploited to Deploy TRAILBLAZE and BRUSHFIRE Malware
OPSEC Failure Exposes Coquettte's Malware Campaigns on Bulletproof Hosting Servers
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability