Training Camp • Cybersecurity Glossary
Command Injection Definition: Command injection lets attackers run arbitrary OS commands via unsanitized input to a shell; prevent it with input validation and parameterized APIs.
Command injection, also called OS command injection or shell injection, is a vulnerability that lets an attacker execute arbitrary operating-system commands on a host by supplying malicious input to an application that passes unsanitized data to a system shell. Successful exploitation can lead to full system compromise, data theft, or lateral movement. Prevention relies on avoiding shell calls with user input, using parameterized APIs, strict input validation, and least-privilege execution.
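The prevention measures above, shown as an added example that is not part of the original glossary entry: the same lookup written with a shell string, with an argument list, and with an allow-list check in front. `echo` stands in for a real lookup tool; the function names, the hostname pattern and the sample input are constructed for illustration.

```python
import re
import subprocess

# Assumed allow-list: dot-separated labels of letters, digits and hyphens.
# A label cannot start with "-", so the value cannot be read as an option.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")


def lookup_unsafe(host: str) -> str:
    """Vulnerable: the input is spliced into a string that /bin/sh parses,
    so shell metacharacters in `host` become shell syntax."""
    cmd = f"echo lookup {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_argv(host: str) -> str:
    """Parameterized call: no shell is started and each list element
    reaches the program as one literal argument."""
    argv = ["echo", "lookup", host]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def lookup_safe(host: str) -> str:
    """Strict validation first, then the parameterized call."""
    if len(host) > 253 or not HOSTNAME_RE.fullmatch(host):
        raise ValueError("rejected host value")
    return lookup_argv(host)


if __name__ == "__main__":
    sample = "example.com; echo INJECTED"  # constructed input
    print("shell string :", repr(lookup_unsafe(sample)))
    print("argument list:", repr(lookup_argv(sample)))
    try:
        lookup_safe(sample)
    except ValueError as err:
        print("validated    :", err)
```

With the shell string, the text after `;` runs as a second command; with the argument list it is printed as data, and the validated version rejects it before any process starts.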