CWE-114
Overview
- CWE ID
- 114
- CWE Name
- Process Control
- CWE Abstraction
- Class
- CWE structure
- Simple
- CWE Status
- Incomplete
Description
Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.
Extended Description
Process control vulnerabilities take two forms: 1. An attacker can change the command that the program executes: the attacker explicitly controls what the command is. 2. An attacker can change the environment in which the command executes: the attacker im