Definition Edit

Command injection

allows for the execution of arbitrary commands and code by the attacker. If a malicious user injects a character (such as a semi-colon) that delimits the end of one command and the beginning of another, it may be possible to then insert an entirely new and unrelated command that was not intended to be executed.[1]

Overview Edit

"Command injection vulnerabilities typically occur when:

1. Data enter the application from an untrusted source.
2. The data are part of a string that is executed as a command by the application.
3. By executing the command, the application gives an attacker a privilege or capability that the attacker would not otherwise have."[2]

References Edit

  1. Common Cybersecurity Vulnerabilities in Industrial Control Systems, at 14 (citation omitted).
  2. Id.

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.