CAPEC-175: Code Inclusion

An adversary exploits a weakness on the target to force arbitrary code to be retrieved locally or from a remote location and executed. This differs from code injection in that code injection involves the direct inclusion of code while code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.

Very High

Typical severity

Per MITRE

Medium

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Overview

CAPEC-175 (Code Inclusion) is a meta-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-175: Code Inclusion

Overview

What the attacker needs

Prerequisites

Resources required

Examples

Frequently asked questions

What is CAPEC-175?

What weaknesses does CAPEC-175 target?

How severe is CAPEC-175?

References

Defend against CAPEC-175

Overview

What the attacker needs

Prerequisites

Resources required

Examples

Related weaknesses

Related attack patterns

Child

Related

Frequently asked questions

What is CAPEC-175?

What weaknesses does CAPEC-175 target?

How severe is CAPEC-175?

References

Defend against CAPEC-175