The software properly neutralizes certain special elements, but it improperly neutralizes equivalent special elements.

The software may have a fixed list of special characters it believes is complete. However, there may be alternate encodings or representations that have the same meaning. For example, the software may filter out a leading slash (/) to prevent absolute path names, but does not account for a tilde (~) followed by a user name, which on some *nix systems could be expanded to an absolute pathname. Alternatively, the software might filter a dangerous "-e" command-line switch when calling an external program, but it might not account for "--exec" or other switches that have the same semantics.

Relationships:
ChildOf Weakness 75 (views 1000, 699)
ChildOf Category 896 (view 888)

Weakness_Ordinalities: Primary

Time_of_Introduction: Architecture and Design; Implementation

Likelihood of exploit: High to Very High

Common_Consequences: Other (scope), Other (impact)

Potential_Mitigations:
Requirements: Programming languages and supporting technologies might be chosen which are not subject to these issues.
Implementation: Utilize an appropriate mix of white-list and black-list parsing to filter equivalent special element syntax from all input.

Causal nature: Explicit

Taxonomy_Mappings: Equivalent Special Element Injection PLOVER

Content history:
Eric Dalci, Cigital, 2008-07-01: updated Time_of_Introduction
CWE Content Team, MITRE, 2008-09-08: updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities
CWE Content Team, MITRE, 2009-10-29: updated Description, Other_Notes
CWE Content Team, MITRE, 2010-06-21: updated Description, Name
CWE Content Team, MITRE, 2010-12-13: updated Description
CWE Content Team, MITRE, 2011-06-01: updated Common_Consequences
CWE Content Team, MITRE, 2012-05-11: updated Relationships
CWE Content Team, MITRE, 2012-10-30: updated Potential_Mitigations

Previous entry names:
Equivalent Special Element Injection
Failure to Resolve Equivalent Special Elements into a Different Plane
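The leading-slash filter from the description, shown beside a check that validates the path's final meaning instead of its spelling. This is an added example, not part of the CWE entry; `BASE_DIR`, the `HOMES` user table and `expand_tilde` (a model of a downstream consumer that expands `~user`) are constructed assumptions.

```python
import posixpath

BASE_DIR = "/srv/app/files"                        # hypothetical base directory
HOMES = {"alice": "/home/alice", "root": "/root"}  # constructed user table


def expand_tilde(path, homes=HOMES):
    """Model of the downstream consumer: expands ~user as some *nix shells do."""
    if not path.startswith("~"):
        return path
    user, sep, rest = path[1:].partition("/")
    home = homes.get(user)
    # Unknown users are left as a literal "~name" component.
    return path if home is None else home + sep + rest


def weak_filter(name):
    """Denylist from the description: removes a leading slash, nothing else."""
    return name.lstrip("/")


def weak_resolve(name):
    """Filter first, then let the consumer interpret what is left."""
    interpreted = expand_tilde(weak_filter(name))
    return posixpath.normpath(posixpath.join(BASE_DIR, interpreted))


def safe_resolve(name):
    """Reduce the input to its final form first, then check containment."""
    final = posixpath.normpath(posixpath.join(BASE_DIR, expand_tilde(name)))
    if posixpath.commonpath([BASE_DIR, final]) != BASE_DIR:
        raise ValueError(f"path escapes base directory: {name!r}")
    return final


if __name__ == "__main__":
    for candidate in ("report.txt", "/etc/passwd", "~alice/notes.txt", "../x"):
        try:
            verdict = safe_resolve(candidate)
        except ValueError as exc:
            verdict = f"rejected ({exc})"
        print(f"{candidate!r}: weak={weak_resolve(candidate)!r} safe={verdict}")
```

The containment check is applied after every expansion the consumer would perform, so any spelling that resolves outside `BASE_DIR` is rejected without being enumerated in a list.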