CWE-624: Executable Regular Expression Error

BaseIncomplete

The product uses a regular expression that either (1) contains an executable component with user-controlled inputs, or (2) allows a user to enable execution by inserting pattern modifiers.

View on MITRE

Back to CWE Lookup

Extended Description

Case (2) is possible in the PHP preg_replace() function, and possibly in other languages when a user-controlled input is inserted into a string that is later parsed as a regular expression.

Technical Details

Structure: Simple

Applicable To

Languages

PHPPerl

Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-624

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references