Standardseverity: MediumStable

CAPEC-251Local Code Inclusion

Abstraction
Standard
Status
Stable
Severity
Medium

Description

The attacker forces an application to load arbitrary code files from the local machine. The attacker could use this to try to load old versions of library files that have known vulnerabilities, to load files that the attacker placed on the local machine during a prior attack, or to otherwise change the functionality of the targeted application in unexpected ways.

Related weaknesses· 1

CWE-829

MITRE ATT&CK crosswalk· 1

T1055: Process Injection

Related attack patterns· 1

CAPEC-175 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessInclusion of Functionality from Untrusted Control Spherecwe-829100%live

Related to1

TypeTargetConfidenceTier
TechniqueProcess Injectiont1055100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Remote Code Inclusion
CAPEC
PHP Local File Inclusion
CAPEC
Code Inclusion
CAPEC
Code Injection
CAPEC
Inclusion of Code in Existing Process
CAPEC
PHP Remote File Inclusion
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.