Standardlikelihood: Highseverity: HighDraft

CAPEC-88OS Command Injection

Abstraction
Standard
Status
Draft
Likelihood
High
Severity
High

Description

In this type of an attack, an adversary injects operating system commands into existing application functions. An application that uses untrusted input to build command strings is vulnerable. An adversary can leverage OS command injection in an application to elevate privileges, execute arbitrary commands and compromise the underlying operating system.

Related weaknesses· 4

CWE-78CWE-88CWE-20CWE-697

Related attack patterns· 1

CAPEC-248 (ChildOf)

Exploits4

TypeTargetConfidenceTier
WeaknessImproper Input Validationcwe-20100%live
WeaknessImproper Neutralization of Argument Delimiters in a Command ('Argument Injection')cwe-88100%live
WeaknessIncorrect Comparisoncwe-697100%live
WeaknessImproper Neutralization of Special Elements used in an OS Command ('OS Command Injection')cwe-78100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Command Injection
CAPEC
Code Injection
CAPEC
Command Line Execution through SQL Injection
CAPEC
SQL Injection
CAPEC
Expanding Control over the Operating System from the Database
CWE
Process Control
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.