CAPEC-242: Code Injection
ID
CAPEC-242
Typical Severity
High
Likelihood Of Attack
High
Status
Stable
An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.
Weaknesses
| # ID | Name | Type |
|---|---|---|
| CWE-94 | Improper Control of Generation of Code ('Code Injection') | weakness |
Taxonomiy Mapping
| Type | # ID | Name |
|---|---|---|
| OWASP Attacks | Code Injection |