CWE-94

GPTKB entity

Statements (24)
Predicate Object
gptkbp:instanceOf gptkb:Common_Weakness_Enumeration
gptkbp:category Software weakness
gptkbp:consequence compromise of system integrity
execution of arbitrary code
gptkbp:describes A weakness where software constructs all or part of code using externally-influenced input, which can allow attackers to execute arbitrary code.
gptkbp:example dynamic code generation with unsanitized data
eval() with user input
gptkbp:externalLink https://cwe.mitre.org/data/definitions/94.html
gptkbp:hasCWE gptkb:CWE-94
https://www.w3.org/2000/01/rdf-schema#label CWE-94
gptkbp:maintainedBy gptkb:MITRE_Corporation
gptkbp:mitigatedBy Input validation
Use of safe APIs
gptkbp:name Improper Control of Generation of Code ('Code Injection')
gptkbp:partOf CWE Top 25 (various years)
gptkbp:relatedTo code injection
remote code execution
gptkbp:usedIn software security assessments
gptkbp:bfsParent gptkb:CVE-2022-22954
gptkb:CVE-2022-26134
gptkb:CVE-2017-0199
gptkb:CWE
gptkb:CVE-2017-5638
gptkbp:bfsLayer 7