CAPEC-248: Command Injection
ID | Typical Severity | Likelihood Of Attack | Status |
---|---|---|---|
CAPEC-248 | High | Medium | Stable |
An adversary looking to execute a command of their choosing injects new items into an existing command, thus modifying its interpretation away from what was intended. Commands in this context are often standalone strings that are interpreted by a downstream component and cause specific responses. This type of attack is possible when untrusted values are used to build these command strings. Weaknesses in input validation or command construction can enable the attack and lead to successful exploitation.
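The weak command construction described above, shown beside its corrected forms, as an added example that is not part of the CAPEC entry. It assumes a POSIX `sh` and a `printf` binary are on the PATH; the function names and sample values are constructed for illustration.

```python
import re
import shlex
import subprocess

# Constructed sample values: an expected file name, and one carrying a shell separator.
BENIGN = "report.txt"
HOSTILE = "report.txt; printf INJECTED"

# Allow-list for the value this command is meant to accept (assumed policy).
ALLOWED = re.compile(r"[A-Za-z0-9._-]{1,64}")


def is_allowed(value: str) -> bool:
    """Input validation: accept only values that match the allow-list in full."""
    return ALLOWED.fullmatch(value) is not None


def run_string_built(value: str) -> str:
    """Weak form: the untrusted value is concatenated into the command string,
    so the shell parses its metacharacters as command syntax."""
    cmd = "printf '%s\\n' " + value
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(value: str) -> str:
    """Hardened form: no shell is involved; the value is a single argv element
    and is never re-parsed as command syntax."""
    argv = ["printf", "%s\\n", value]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def run_quoted(value: str) -> str:
    """Fallback when a shell string cannot be avoided: neutralise the value
    with shlex.quote before it is placed in the string."""
    cmd = "printf '%s\\n' " + shlex.quote(value)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    for label, value in (("benign", BENIGN), ("hostile", HOSTILE)):
        print(label, "allowed by validation:", is_allowed(value))
        print("  string-built:", repr(run_string_built(value)))
        print("  argv        :", repr(run_argv(value)))
        print("  quoted      :", repr(run_quoted(value)))
```

With the string-built form the downstream shell sees two commands; with the argument vector or quoted form it sees one command whose argument happens to contain a semicolon.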
Weaknesses
# ID | Name | Type |
---|---|---|
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | weakness |
Taxonomy Mapping
Type | # ID | Name |
---|---|---|
OWASP Attacks | | Command Injection |