
CAPEC-248: Command Injection

Abstraction: Meta
Status: Stable
Likelihood: Medium
Severity: High

Description

An adversary looking to execute a command of their choosing injects new items into an existing command, thus modifying its interpretation away from what was intended. Commands in this context are often standalone strings that are interpreted by a downstream component and cause specific responses. This type of attack is possible when untrusted values are used to build these command strings. Weaknesses in input validation or command construction can enable the attack and lead to successful exploitation.

Related weaknesses · 1

CWE-77

Exploits · 1

Type: Weakness
Target: Improper Neutralization of Special Elements used in a Command ('Command Injection') (cwe-77)
Confidence: 100%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: OS Command Injection
CAPEC: Code Injection
CAPEC: Argument Injection
CAPEC: Resource Injection
CAPEC: SQL Injection
CAPEC: Parameter Injection
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.