Statements (30)
Predicate | Object |
---|---|
gptkbp:instance_of |
gptkb:Common_Weakness_Enumeration
|
gptkbp:category |
Injection
|
gptkbp:consequences |
Data loss
Unauthorized access Data corruption Denial of service |
gptkbp:description |
A weakness that allows an attacker to execute arbitrary commands on the host operating system via a vulnerable application.
|
gptkbp:difficulty_levels |
gptkb:High
|
gptkbp:example |
Injection vulnerabilities
Using user input in a system command without proper sanitization. |
gptkbp:has_enemies |
Remote or local
|
gptkbp:has_weakness |
gptkb:CWE-22
gptkb:CWE-73 gptkb:CWE-94 CWE-78 |
https://www.w3.org/2000/01/rdf-schema#label |
CWE-77
|
gptkbp:impact |
Execution of arbitrary commands
|
gptkbp:is_referenced_in |
gptkb:SANS_Top_25
gptkb:NIST_SP_800-53 gptkb:ISO/_IEC_27001 gptkb:OWASP_Top_Ten |
gptkbp:name |
Command Injection
|
gptkbp:prevention |
Input validation
Use of safe APIs |
gptkbp:related_to |
gptkb:CWE-89
gptkb:CWE-20 |
gptkbp:bfsParent |
gptkb:CWE-200
gptkb:CWE-74 gptkb:CWE-749 |
gptkbp:bfsLayer |
8
|