Scope | Impact | Likelihood |
---|---|---|
Other Confidentiality Integrity Availability | Alter Execution Logic, Execute Unauthorized Code or Commands Note: This weakness could affect the control flow of the application and allow execution of untrusted code. |
Reference | Description |
---|---|
Execution-after-redirect allows access to application configuration details. | |
chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal. | |
Remote attackers can obtain access to administrator functionality through EAR. | |
Remote attackers can obtain access to administrator functionality through EAR. | |
Bypass of authentication step through EAR. | |
Chain: Execution after redirect triggers eval injection. | |
chain: execution after redirect allows non-administrator to perform static code injection. |
Name | Organization | Date | Date Release | Version |
---|---|---|---|---|
CWE Content Team | MITRE | 1.0 |
Name | Organization | Date | Comment |
---|---|---|---|
CWE Content Team | MITRE | updated Common_Consequences | |
CWE Content Team | MITRE | updated Common_Consequences, Demonstrative_Examples, Relationships | |
CWE Content Team | MITRE | updated Demonstrative_Examples | |
CWE Content Team | MITRE | updated Alternate_Terms, Name, Observed_Examples, References | |
CWE Content Team | MITRE | updated Relationships | |
CWE Content Team | MITRE | updated Relationships | |
CWE Content Team | MITRE | updated Demonstrative_Examples | |
CWE Content Team | MITRE | updated References | |
CWE Content Team | MITRE | updated Relationships | |
CWE Content Team | MITRE | updated Mapping_Notes | |
CWE Content Team | MITRE | updated Demonstrative_Examples |