CAPEC-6: Argument Injection
ID
CAPEC-6
Typical Severity
High
Likelihood Of Attack
High
Status
Draft
An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.
Weaknesses
| # ID | Name | Type |
|---|---|---|
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | weakness |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | weakness |
| CWE-146 | Improper Neutralization of Expression/Command Delimiters | weakness |
| CWE-184 | Incomplete List of Disallowed Inputs | weakness |
| CWE-185 | Incorrect Regular Expression | weakness |
| CWE-697 | Incorrect Comparison | weakness |