CAPEC-88: OS Command Injection
ID
CAPEC-88
Typical Severity
High
Likelihood Of Attack
High
Status
Draft
In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.
Weaknesses
| # ID | Name | Type |
|---|---|---|
| CWE-20 | Improper Input Validation | weakness |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | weakness |
| CWE-88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') | weakness |
| CWE-697 | Incorrect Comparison | weakness |
Taxonomiy Mapping
| Type | # ID | Name |
|---|---|---|
| WASC | 31 | OS Commanding |