|
gptkbp:instance_of
|
gptkb:Common_Weakness_Enumeration
|
|
gptkbp:bfsLayer
|
5
|
|
gptkbp:bfsParent
|
gptkb:CWE-20
|
|
gptkbp:category
|
Code Injection
|
|
gptkbp:consequences
|
Data loss
Unauthorized access
Data corruption
Denial of service
System compromise
|
|
gptkbp:difficulty
|
gptkb:High
|
|
gptkbp:example
|
Using user input to construct a system command.
|
|
gptkbp:has_weakness
|
gptkb:CWE-200
gptkb:CWE-22
gptkb:CWE-117
gptkb:CWE-120
gptkb:CWE-121
gptkb:CWE-122
gptkb:CWE-123
gptkb:CWE-124
gptkb:CWE-126
gptkb:CWE-127
gptkb:CWE-128
gptkb:CWE-129
gptkb:CWE-130
gptkb:CWE-131
gptkb:CWE-132
gptkb:CWE-133
gptkb:CWE-134
gptkb:CWE-135
gptkb:CWE-185
gptkb:CWE-186
gptkb:CWE-187
gptkb:CWE-188
gptkb:CWE-189
gptkb:CWE-190
gptkb:CWE-191
gptkb:CWE-192
gptkb:CWE-193
gptkb:CWE-194
gptkb:CWE-195
gptkb:CWE-196
gptkb:CWE-197
gptkb:CWE-198
gptkb:CWE-199
gptkb:CWE-73
gptkb:CWE-91
gptkb:CWE-94
gptkb:CWE-95
gptkb:CWE-125
CWE-136
CWE-137
CWE-138
CWE-139
CWE-140
CWE-141
CWE-142
CWE-143
CWE-144
CWE-145
CWE-146
CWE-147
CWE-148
CWE-149
CWE-150
CWE-151
CWE-152
CWE-153
CWE-154
CWE-155
CWE-156
CWE-157
CWE-158
CWE-159
CWE-160
CWE-161
CWE-162
CWE-163
CWE-164
CWE-165
CWE-166
CWE-167
CWE-168
CWE-169
CWE-170
CWE-171
CWE-172
CWE-173
CWE-174
CWE-175
CWE-176
CWE-177
CWE-178
CWE-179
CWE-180
CWE-181
CWE-182
CWE-183
CWE-184
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
CWE-74
|
|
gptkbp:impact
|
Security Vulnerability
|
|
gptkbp:is_described_as
|
The software constructs a command using external input that is then executed by a function.
|
|
gptkbp:is_protected_by
|
Input validation
Escaping user input
Use of safe AP Is
|
|
gptkbp:name
|
Injection of Function Call
|
|
gptkbp:related_to
|
gptkb:CWE-77
gptkb:CWE-89
gptkb:CWE-20
CWE-78
|