|“||allows for the execution of arbitrary commands and code by the attacker. If a malicious user injects a character (such as a semi-colon) that delimits the end of one command and the beginning of another, it may be possible to then insert an entirely new and unrelated command that was not intended to be executed.||”|
"Command injection vulnerabilities typically occur when:
- 1. Data enter the application from an untrusted source.
- 2. The data are part of a string that is executed as a command by the application.
- 3. By executing the command, the application gives an attacker a privilege or capability that the attacker would not otherwise have."
- ↑ Common Cybersecurity Vulnerabilities in Industrial Control Systems, at 14 (citation omitted).
- ↑ Id.