CWE-97 - Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

CWE-97

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: Improper Neutralization of Server-Side Includes (SSI) Within a Web Page

Description: The product generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive.

Common Consequences: Scope: Confidentiality, Integrity, Availability
Impact: Execute Unauthorized Code or Commands

Related Weaknesses: CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

Related Alerts: Server Side IncludeHigh

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard