CAPEC-6: Argument Injection

Abstraction: Standard
Status: Draft
Likelihood: High
Severity: High

Description

An attacker changes the behavior or state of a targeted application by injecting data or command syntax through the target's use of non-validated and non-filtered arguments of exposed services or methods. Metadata: standard CAPEC pattern, status draft, likelihood high, severity high. Underlying weaknesses: CWE-74, CWE-146, CWE-184, CWE-78, CWE-185 (and 1 more). Related CAPEC pattern: CAPEC-137 (ChildOf).

Related weaknesses · 6

CWE-74, CWE-146, CWE-184, CWE-78, CWE-185, CWE-697

Related attack patterns · 1

CAPEC-137 (ChildOf)

Exploits · 6

Type | Target | ID | Confidence | Tier
Weakness | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | cwe-74 | 100% | live
Weakness | Incorrect Comparison | cwe-697 | 100% | live
Weakness | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | cwe-78 | 100% | live
Weakness | Improper Neutralization of Expression/Command Delimiters | cwe-146 | 100% | live
Weakness | Incorrect Regular Expression | cwe-185 | 100% | live
Weakness | Incomplete List of Disallowed Inputs | cwe-184 | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Command Injection
CAPEC: SQL Injection
CAPEC: Input Data Manipulation
CAPEC: Resource Injection
CAPEC: Object Injection
CAPEC: Code Injection

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.