Statements (23)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:Common_Weakness_Enumeration |
| gptkbp:category | Software weakness |
| gptkbp:consequence | compromise of system integrity; execution of arbitrary code |
| gptkbp:describes | A weakness where software constructs all or part of code using externally-influenced input, which can allow attackers to execute arbitrary code. |
| gptkbp:example | dynamic code generation with unsanitized data; eval() with user input |
| gptkbp:externalLink | https://cwe.mitre.org/data/definitions/94.html |
| gptkbp:hasCWE | gptkb:CWE-94 |
| gptkbp:maintainedBy | gptkb:MITRE_Corporation |
| gptkbp:mitigatedBy | Input validation; Use of safe APIs |
| gptkbp:name | Improper Control of Generation of Code ('Code Injection') |
| gptkbp:partOf | CWE Top 25 (various years) |
| gptkbp:relatedTo | code injection; remote code execution |
| gptkbp:usedIn | software security assessments |
| gptkbp:bfsParent | gptkb:CVE-2022-22954; gptkb:CVE-2022-26134; gptkb:CVE-2017-0199; gptkb:CWE |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | CWE-94 |