Metalikelihood: Highseverity: HighStable
CAPEC-242Code Injection
Abstraction
Meta
Status
Stable
Likelihood
High
Severity
High
Description
An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.
Related weaknesses· 1
Exploits1
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Improper Control of Generation of Code ('Code Injection')cwe-94 | 100% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.