StandardDraft

CAPEC-253Remote Code Inclusion

Abstraction
Standard
Status
Draft

Description

The attacker forces an application to load arbitrary code files from a remote location. The attacker could use this to try to load old versions of library files that have known vulnerabilities, to load malicious files that the attacker placed on the remote machine, or to otherwise change the functionality of the targeted application in unexpected ways.

Related weaknesses· 1

CWE-829

Related attack patterns· 2

CAPEC-175 (ChildOf)CAPEC-664 (CanPrecede)

Exploits1

TypeTargetConfidenceTier
WeaknessInclusion of Functionality from Untrusted Control Spherecwe-829100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Local Code Inclusion
CAPEC
Code Inclusion
CAPEC
Code Injection
CAPEC
PHP Remote File Inclusion
CAPEC
PHP Local File Inclusion
CAPEC
Inclusion of Code in Existing Process
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.