Statements (30)
| Predicate | Object |
|---|---|
| gptkbp:instance_of |
gptkb:Common_Weakness_Enumeration
|
| gptkbp:bfsLayer |
6
|
| gptkbp:bfsParent |
gptkb:CWE-200
gptkb:CWE-74 gptkb:CWE-749 |
| gptkbp:category |
Injection
|
| gptkbp:consequences |
Data loss
Unauthorized access Data corruption Denial of service |
| gptkbp:difficulty |
gptkb:High
|
| gptkbp:enemy |
Remote or local
|
| gptkbp:example |
Injection vulnerabilities
Using user input in a system command without proper sanitization. |
| gptkbp:has_weakness |
gptkb:CWE-22
gptkb:CWE-73 gptkb:CWE-94 CWE-78 |
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-77
|
| gptkbp:impact |
Execution of arbitrary commands
|
| gptkbp:is_described_as |
A weakness that allows an attacker to execute arbitrary commands on the host operating system via a vulnerable application.
|
| gptkbp:is_effective_against |
Input validation
Use of safe AP Is |
| gptkbp:is_referenced_in |
gptkb:SANS_Top_25
gptkb:API gptkb:ISO/_IEC_27001 NISTSP 800-53 |
| gptkbp:name |
Command Injection
|
| gptkbp:related_to |
gptkb:CWE-89
gptkb:CWE-20 |