The product uses a regular expression that either (1) contains an executable component with user-controlled inputs, or (2) allows a user to enable execution by inserting pattern modifiers.
View on MITRECase (2) is possible in the PHP preg_replace() function, and possibly in other languages when a user-controlled input is inserted into a string that is later parsed as a regular expression.
The regular expression feature in some languages allows inputs to be quoted or escaped before insertion, such as \Q and \E in Perl.
No detection method information available for this CWE.
Executable regexp in PHP by inserting "e" modifier into first argument to preg_replace
View DetailsExecutable regexp in PHP by inserting "e" modifier into first argument to preg_replace
View DetailsComplex curly syntax inserted into the replacement argument to PHP preg_replace(), which uses the "/e" modifier
View DetailsFunction allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.
View DetailsNo relationship information available for this CWE.
CWE-624: Executable Regular Expression Error is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product uses a regular expression that either (1) contains an executable component with user-controlled inputs, or (2) allows a user to enable execution by inserting pattern modifiers. Case (2) is possible in the PHP preg_replace() function, and possibly in other languages when a user-controlled input is inserted into a string that is later parsed as a regular expression.
If exploited, CWE-624 (Executable Regular Expression Error) it can compromise Confidentiality, Integrity and Availability, leading to outcomes such as Execute Unauthorized Code or Commands.
Recommended mitigations for CWE-624 include: The regular expression feature in some languages allows inputs to be quoted or escaped before insertion, such as \Q and \E in Perl.
CWE-624 commonly affects PHP and Perl. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
MITRE documents real CVEs mapped to CWE-624, including CVE-2006-2059, CVE-2005-3420, CVE-2006-2878 and CVE-2006-2908. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-624 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.