Statements (24)
Predicate | Object |
---|---|
gptkbp:instanceOf | gptkb:Common_Weakness_Enumeration |
gptkbp:category | Software weakness |
gptkbp:consequence | compromise of system integrity; execution of arbitrary code |
gptkbp:describes | A weakness where software constructs all or part of code using externally-influenced input, which can allow attackers to execute arbitrary code. |
gptkbp:example | dynamic code generation with unsanitized data; eval() with user input |
gptkbp:externalLink | https://cwe.mitre.org/data/definitions/94.html |
gptkbp:hasCWE | gptkb:CWE-94 |
https://www.w3.org/2000/01/rdf-schema#label | CWE-94 |
gptkbp:maintainedBy | gptkb:MITRE_Corporation |
gptkbp:mitigatedBy | Input validation; Use of safe APIs |
gptkbp:name | Improper Control of Generation of Code ('Code Injection') |
gptkbp:partOf | CWE Top 25 (various years) |
gptkbp:relatedTo | code injection; remote code execution |
gptkbp:usedIn | software security assessments |
gptkbp:bfsParent | gptkb:CVE-2022-22954; gptkb:CVE-2022-26134; gptkb:CVE-2017-0199; gptkb:CWE; gptkb:CVE-2017-5638 |
gptkbp:bfsLayer | 7 |