Dark Mode

Settings

Capec-242 Detail

Code Injection

Meta Software Likelihood: High Typical Severity: High

Children: 19 23 41 63 468

Threats: T290

Description

An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.

Not present

External ID Source Link Description
CAPEC-242 capec https://capec.mitre.org/data/definitions/242.html
CWE-94 cwe http://cwe.mitre.org/data/definitions/94.html
OWASP Attacks https://owasp.org/www-community/attacks/Code_Injection Code Injection
REF-612 reference_from_CAPEC https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11-Testing_for_Code_Injection.html OWASP Web Security Testing Guide, The Open Web Application Security Project (OWASP)

Not present

  1. The target software does not validate user-controlled input such that the execution of a process may be altered by sending code in through legitimate data channels, using no other mechanism.

Not present

Not present

Integrity Availability Confidentiality
Other (Code Injection attack patterns can result in a wide variety of consequences and negatively affect all three elements of the security triad.) Other (Code Injection attack patterns can result in a wide variety of consequences and negatively affect all three elements of the security triad.) Other (Code Injection attack patterns can result in a wide variety of consequences and negatively affect all three elements of the security triad.)

Not present

We use cookies to ensure you get the best experience on our website.