Metalikelihood: Mediumseverity: Very HighStable

CAPEC-175Code Inclusion

Abstraction
Meta
Status
Stable
Likelihood
Medium
Severity
Very High

Description

An adversary exploits a weakness on the target to force arbitrary code to be retrieved locally or from a remote location and executed. This differs from code injection in that code injection involves the direct inclusion of code while code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.

Related weaknesses· 1

CWE-829

Exploits1

TypeTargetConfidenceTier
WeaknessInclusion of Functionality from Untrusted Control Spherecwe-829100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Code Injection
CAPEC
Remote Code Inclusion
CAPEC
Local Code Inclusion
CAPEC
Inclusion of Code in Existing Process
CAPEC
PHP Remote File Inclusion
CAPEC
PHP Local File Inclusion
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.