CWE-749 Exposure of Dangerous Method or Function: weakness class summary covering 127 CVE vulnerabilities, with Chinese AI-generated analysis.
CWE-749 refers to the exposure of dangerous methods or functions, a flaw in interface access control. When an API includes unrestricted dangerous functionality, an attacker can invoke sensitive operations directly through that interface, leading to privilege escalation, data leakage, or system damage. Developers should avoid exposing high-risk functionality externally; enforcing strict authentication, fine-grained permission management and the principle of least privilege ensures that only authorized users can reach specific methods, which effectively mitigates this class of risk.
Example 1 (Java), weak: the method that drops a database is public, so any code holding a reference to the object can call it.

    public void removeDatabase(String databaseName) {
        try {
            Statement stmt = conn.createStatement();
            stmt.execute("DROP DATABASE " + databaseName);
        } catch (SQLException ex) { ... }
    }

Example 1 (Java), corrected: the same operation declared private, so it can only be reached through the class's own, controlled code paths.

    private void removeDatabase(String databaseName) {
        try {
            Statement stmt = conn.createStatement();
            stmt.execute("DROP DATABASE " + databaseName);
        } catch (SQLException ex) { ... }
    }

Example 2 (Android): a WebView client that exposes a native "getUserInfo" operation to any page that can navigate to a URL with the custom scheme.

    // Android
    @Override
    public boolean shouldOverrideUrlLoading(WebView view, String url) {
        // Custom scheme handler: any loaded page can trigger it
        if (url.substring(0, 14).equalsIgnoreCase("examplescheme:")) {
            if (url.substring(14, 25).equalsIgnoreCase("getUserInfo")) {
                // Writes sensitive user data back into the web content
                writeDataToView(view, UserData);
                return false;
            } else {
                return true;
            }
        }
        return false; // not the custom scheme: let the WebView load the URL
    }

Example 3 (iOS): the equivalent UIWebView delegate, which hands the URL query straight to a native function whenever the scheme matches.

    // iOS
    - (BOOL)webView:(UIWebView *)exWebView
        shouldStartLoadWithRequest:(NSURLRequest *)exRequest
        navigationType:(UIWebViewNavigationType)exNavigationType {
        NSURL *URL = [exRequest URL];
        if ([[URL scheme] isEqualToString:@"exampleScheme"]) {
            NSString *functionString = [URL resourceSpecifier];
            if ([functionString hasPrefix:@"specialFunction"]) {
                // Make data available back in webview.
                UIWebView *webView = [self writeDataToView:[URL query]];
            }
            return NO;
        }
        return YES;
    }

CWE-749 (Exposure of Dangerous Method or Function) is a common weakness category; this platform has catalogued 127 CVE vulnerabilities associated with it.
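As an added example (not code from the original page), the Java class below reworks the DROP DATABASE case so that the dangerous operation stays private and is reachable only through one public entry point that authorizes the caller and validates the target name before anything is executed. The Caller record, the SqlExecutor interface, the db_admin role and the allow-listed database names are assumptions constructed for this illustration.

```java
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;

// Added example (not the page's own code): a guarded entry point in front of
// the private DROP DATABASE operation shown in the corrected example above.
public class DatabaseAdmin {

    // Abstraction over Statement.execute so the example runs without a JDBC
    // driver; a real deployment would wrap java.sql.Connection here (assumption).
    public interface SqlExecutor {
        void execute(String sql) throws SQLException;
    }

    // Caller identity as the application layer sees it (hypothetical type).
    public record Caller(String name, Set<String> roles) {}

    // DDL targets cannot be bound as parameters, so the identifier is
    // validated against a strict shape instead of being escaped.
    private static final Pattern SAFE_IDENTIFIER = Pattern.compile("[A-Za-z0-9_]{1,64}");

    // Databases this component is ever allowed to remove (constructed sample).
    private static final Set<String> REMOVABLE = Set.of("tenant_scratch", "nightly_build");

    private final SqlExecutor db;

    public DatabaseAdmin(SqlExecutor db) {
        this.db = db;
    }

    // The only public entry point: role check, identifier check and
    // allow-list check all run before the private method is reached.
    public void removeDatabase(Caller caller, String databaseName) throws SQLException {
        if (caller == null || !caller.roles().contains("db_admin")) {
            String who = (caller == null) ? "<none>" : caller.name();
            throw new SecurityException("caller " + who + " is not permitted to drop databases");
        }
        if (databaseName == null || !SAFE_IDENTIFIER.matcher(databaseName).matches()) {
            throw new IllegalArgumentException("invalid database identifier");
        }
        if (!REMOVABLE.contains(databaseName)) {
            throw new IllegalArgumentException("database is not on the removable list: " + databaseName);
        }
        dropDatabase(databaseName);
    }

    // The dangerous operation itself stays private.
    private void dropDatabase(String databaseName) throws SQLException {
        db.execute("DROP DATABASE " + databaseName);
    }

    // Demonstration with a recording executor instead of a live database.
    public static void main(String[] args) throws SQLException {
        List<String> executed = new ArrayList<>();
        DatabaseAdmin admin = new DatabaseAdmin(executed::add);

        Caller operator = new Caller("ops", Set.of("db_admin"));
        Caller reader = new Caller("analyst", Set.of("report_viewer"));

        admin.removeDatabase(operator, "tenant_scratch"); // allowed

        Object[][] rejected = {
            {reader, "tenant_scratch"},                        // wrong role
            {operator, "prod"},                                // not on the allow-list
            {operator, "tenant_scratch; DROP DATABASE prod"}   // malformed identifier
        };
        for (Object[] attempt : rejected) {
            try {
                admin.removeDatabase((Caller) attempt[0], (String) attempt[1]);
            } catch (SecurityException | IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
        // Only the single authorized, validated DROP statement was executed.
        System.out.println("statements executed: " + executed);
    }
}
```

Run it with `java DatabaseAdmin.java` on Java 16 or later (records are required). Note that the design does not try to sanitize the identifier into a DROP statement; it rejects anything that is not a known, removable database, which is the least-privilege posture the description above calls for.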