Standardlikelihood: Highseverity: Very HighDraft

CAPEC-23File Content Injection

Abstraction
Standard
Status
Draft
Likelihood
High
Severity
Very High

Description

An adversary poisons files with a malicious payload (targeting the file systems accessible by the target software), which may be passed through by standard channels such as via email, and standard web content like PDF and multimedia files. The adversary exploits known vulnerabilities or handling routines in the target processes, in order to exploit the host's trust in executing remote content, including binary files.

Related weaknesses· 1

CWE-20

Related attack patterns· 2

CAPEC-242 (ChildOf)CAPEC-165 (CanAlsoBe)

Exploits1

TypeTargetConfidenceTier
WeaknessImproper Input Validationcwe-20100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Code Injection
CAPEC
File Manipulation
CAPEC
Code Inclusion
CAPEC
PHP Remote File Inclusion
CAPEC
Using Malicious Files
CAPEC
Remote Code Inclusion
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.