Cornucopia - Ecommerce Website - VE K
Due a failure of server-side input or output validation, encoding or sanitization, malicious code can be injected and treated as code rather than data, leading to code execution in the server application.
NB: This relates to actual exploitation of an injection vulnerability on the server-side. See VE Q for the same attack client-side, and other cards in this suit for individual data validation and encoding issues (e.g. missing/by-passable/badly-implemented input/output validation, encoding or sanitization).
|OWASP SCP||OWASP ASVS||OWASP AppSensor||CAPEC||SAFECODE|