CWE-77

GPTKB entity

Statements (30)
Predicate Object
gptkbp:instance_of gptkb:Common_Weakness_Enumeration
gptkbp:category Injection
gptkbp:consequences Data loss
Unauthorized access
Data corruption
Denial of service
gptkbp:description A weakness that allows an attacker to execute arbitrary commands on the host operating system via a vulnerable application.
gptkbp:difficulty_levels gptkb:High
gptkbp:example Injection vulnerabilities
Using user input in a system command without proper sanitization.
gptkbp:has_enemies Remote or local
gptkbp:has_weakness gptkb:CWE-22
gptkb:CWE-73
gptkb:CWE-94
CWE-78
https://www.w3.org/2000/01/rdf-schema#label CWE-77
gptkbp:impact Execution of arbitrary commands
gptkbp:is_referenced_in gptkb:SANS_Top_25
gptkb:NIST_SP_800-53
gptkb:ISO/_IEC_27001
gptkb:OWASP_Top_Ten
gptkbp:name Command Injection
gptkbp:prevention Input validation
Use of safe APIs
gptkbp:related_to gptkb:CWE-89
gptkb:CWE-20
gptkbp:bfsParent gptkb:CWE-200
gptkb:CWE-74
gptkb:CWE-749
gptkbp:bfsLayer 8