The IT Law Wiki

Command injection


Definition

Command injection allows for the execution of arbitrary commands and code by the attacker. If a malicious user injects a character (such as a semi-colon) that delimits the end of one command and the beginning of another, it may be possible to then insert an entirely new and unrelated command that was not intended to be executed.[1]

Overview

"Command injection vulnerabilities typically occur when:

1. Data enter the application from an untrusted source.
2. The data are part of a string that is executed as a command by the application.
3. By executing the command, the application gives an attacker a privilege or capability that the attacker would not otherwise have."[2]
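
The three conditions above, shown as an added example (not taken from the cited report or from this wiki): a vulnerable function that concatenates untrusted data into a shell string, beside two mitigations. The function names, the hostname pattern and the sample input are assumptions constructed for illustration; the example assumes a POSIX system with `echo` available.

```python
import re
import subprocess

# Constructed sample input: the semicolon ends the intended command and
# begins a second one. The second command is a harmless echo marker.
UNTRUSTED = "example.com; echo INJECTED"

# Assumed allow-list for a hostname field: letters, digits, dots, hyphens.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,252}[A-Za-z0-9])?")


def lookup_vulnerable(host: str) -> str:
    """Untrusted data becomes part of a string that a shell parses and runs."""
    cmd = "echo resolving " + host
    done = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return done.stdout


def lookup_argv(host: str) -> str:
    """No shell is involved: the value is one argv element, so ';' is data."""
    done = subprocess.run(["echo", "resolving", host],
                          capture_output=True, text=True)
    return done.stdout


def validate_host(host: str) -> str:
    """Reject anything outside the allow-list before it reaches a command."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError("rejected host value: %r" % host)
    return host


if __name__ == "__main__":
    print("vulnerable:", lookup_vulnerable(UNTRUSTED).splitlines())
    print("argv      :", lookup_argv(UNTRUSTED).splitlines())
    try:
        validate_host(UNTRUSTED)
    except ValueError as exc:
        print("validated :", exc)
```

In the vulnerable function the shell runs two commands; in the argument-vector form the same input is printed back as a single literal string.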

References

  1. Common Cybersecurity Vulnerabilities in Industrial Control Systems, at 14 (citation omitted).
  2. Id.
