CWE-553: Command Shell in Externally Accessible Directory

ID CWE-553
Abstraction Variant
Structure Simple
Status Incomplete
A possible shell file exists in /cgi-bin/ or other accessible directories. This is extremely dangerous and can be used by an attacker to execute commands on the web server.
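A defensive audit for this weakness, as an added example that is not part of the CWE entry: it walks a web root and reports files that are a command interpreter by name, a symlink to one, or a byte-identical copy of a system shell. The name list, the reference shell paths and the function names are assumptions chosen for illustration.

```python
import hashlib
import os
import sys
from pathlib import Path

# Interpreter names to flag: an assumed starting list, extend per platform.
SHELL_NAMES = {"sh", "bash", "dash", "zsh", "ksh", "csh", "tcsh",
               "cmd", "command", "powershell", "pwsh"}
# Assumed locations of system shells, hashed to spot renamed copies.
DEFAULT_REFERENCES = ("/bin/sh", "/bin/bash", "/bin/dash", "/usr/bin/zsh")


def _sha256(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def _is_shell_name(name):
    stem = name.lower()
    if stem.endswith((".exe", ".com")):
        stem = stem[:-4]
    return stem in SHELL_NAMES


def find_exposed_shells(web_root, references=DEFAULT_REFERENCES):
    """Return sorted (relative_path, reason) pairs for shells under web_root."""
    known = {_sha256(r): r for r in references if os.path.isfile(r)}
    findings = []
    root = Path(web_root)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if not path.is_file():  # broken symlink, FIFO, socket
                continue
            rel = path.relative_to(root).as_posix()
            target = Path(os.path.realpath(path))
            if _is_shell_name(name):
                findings.append((rel, "interpreter file name"))
            elif path.is_symlink() and _is_shell_name(target.name):
                findings.append((rel, f"symlink to interpreter {target.name}"))
            elif (digest := _sha256(path)) in known:
                findings.append((rel, f"same content as {known[digest]}"))
    return sorted(findings)


if __name__ == "__main__":
    for rel, reason in find_exposed_shells(sys.argv[1]):
        print(f"{rel}: {reason}")
```

An ordinary CGI script such as `status.sh` with a `#!/bin/sh` line is not reported, because it is a script run by a shell rather than the shell itself. Any finding should be removed from the served directory or moved outside the document root.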

Modes of Introduction

Phase Note
Implementation
Operation

Relationships

View: CWE-1000 Research Concepts (Status: Draft)
Weakness: CWE-552 Files or Directories Accessible to External Parties (Abstraction: Base, Structure: Simple, Status: Draft)

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
CAPEC-650: Upload a Web Shell to a Web Server (Weaknesses: CWE-553)