CAPEC-175: Code Inclusion
ID
CAPEC-175
Typical Severity
Very High
Likelihood Of Attack
Medium
Status
Stable
An adversary exploits a weakness on the target to force arbitrary code to be retrieved locally or from a remote location and executed. This differs from code injection in that code injection involves the direct inclusion of code while code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.
Weaknesses
# ID | Name | Type |
---|---|---|
CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | weakness |