CAPEC-6: Argument Injection
ID
CAPEC-6
Typical Severity
High
Likelihood Of Attack
High
Status
Draft
An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.
Weaknesses
# ID | Name | Type |
---|---|---|
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | weakness |
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | weakness |
CWE-146 | Improper Neutralization of Expression/Command Delimiters | weakness |
CWE-184 | Incomplete List of Disallowed Inputs | weakness |
CWE-185 | Incorrect Regular Expression | weakness |
CWE-697 | Incorrect Comparison | weakness |