
Command Injection Analyzer

Configuration Name: CmdInjection

Description

The Command Injection analyzer detects command injection vulnerabilities in an API by issuing requests that contain command-line attack vectors. An application is vulnerable to injection attacks if it does not properly validate, filter, or sanitize the input strings in a request; an attacker can then exploit it by sending attack vectors in a request. OWASP classifies Injection as #8 in its API Security Top 10 (API8:2019).
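The following is an added illustration, not code from the analyzer or its documentation, of the defensive properties the analyzer checks for: a hypothetical `host` parameter is first matched against an allowlist pattern and rejected with a client error when it does not fit, and the command that consumes it is built as an argument vector rather than interpolated into a shell command line, so shell metacharacters stay literal. The hostname pattern, the `handle_lookup` handler and the `echo`-based probe are assumptions made for this example.

```python
import re
import subprocess

# Allowlist for the hypothetical `host` parameter (assumption: RFC 1123-style
# hostname labels are the only legal shape for this input).
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def validate_host(host: str) -> bool:
    """Return True only when `host` matches the allowlist pattern."""
    return bool(HOSTNAME_RE.match(host))


def build_command_unsafe(host: str) -> str:
    """'Before' shape: the parameter is interpolated into a shell command line.

    If this string were passed to a shell, any metacharacter in `host`
    would be parsed as part of the command. It is shown for contrast only
    and is never executed here.
    """
    return f"nslookup {host}"


def build_command_safe(host: str) -> list:
    """Hardened shape: an argument vector. With shell=False no shell parses
    it, so the parameter is always a single literal argument."""
    return ["nslookup", host]


def handle_lookup(host: str) -> tuple:
    """Hypothetical API handler returning (status_code, body).

    Invalid input is rejected with a 400 client error before any command
    is built, which is the behaviour the analyzer's CWE-20 finding asks for.
    """
    if not validate_host(host):
        return 400, {"error": "invalid host parameter"}
    argv = build_command_safe(host)
    # A real handler would run: subprocess.run(argv, shell=False,
    # capture_output=True, timeout=5). Here the vector is just returned.
    return 200, {"argv": argv}


def run_safe_echo(value: str) -> str:
    """Probe showing that an argument vector keeps metacharacters literal.

    `echo` is used as a harmless stand-in for the real command; the output
    is the input unchanged because no shell ever interprets it.
    """
    result = subprocess.run(["echo", value], shell=False,
                            capture_output=True, text=True, timeout=5)
    return result.stdout.rstrip("\n")


if __name__ == "__main__":
    for candidate in ["api.example.com", "a|b", "bad host"]:
        print(candidate, "->", handle_lookup(candidate))
    print(repr(run_safe_echo("a|b")))
```

The two builders make the difference concrete: `build_command_unsafe` hands the shell a line it will parse, while `build_command_safe` plus `shell=False` gives the operating system an argv in which the parameter can only ever be one argument. The allowlist check in front of both is what turns a malformed request into a 400 instead of a command.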

Faults Reported

| Fault Identifier | Title | Summary | Solution | Severity |
| --- | --- | --- | --- | --- |
| CWE-20 | Improper Input Validation | The application either does not validate input data or incorrectly validates that the input can be processed safely and correctly. | The application should sanitize inputs and respond with a client error for invalid input data. | medium |