CAPEC-253: Remote Code Inclusion
ID
CAPEC-253
Status
Draft
The attacker forces an application to load arbitrary code files from a remote location. The attacker could use this to try to load old versions of library files that have known vulnerabilities, to load malicious files that the attacker placed on the remote machine, or to otherwise change the functionality of the targeted application in unexpected ways.
Weaknesses
# ID | Name | Type |
---|---|---|
CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | weakness |
Taxonomiy Mapping
Type | # ID | Name |
---|---|---|
WASC | 05 | Remote File Inclusion |