| CAPEC | Related Weakness |
| OS Command Injection |
| CWE-20 | Improper Input Validation |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| CWE-88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') |
| CWE-697 | Incorrect Comparison |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Argument Injection |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| CWE-146 | Improper Neutralization of Expression/Command Delimiters |
| CWE-184 | Incomplete List of Disallowed Inputs |
| CWE-185 | Incorrect Regular Expression |
| CWE-697 | Incorrect Comparison |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Command Delimiters |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') |
| CWE-138 | Improper Neutralization of Special Elements |
| CWE-140 | Improper Neutralization of Delimiters |
| CWE-146 | Improper Neutralization of Expression/Command Delimiters |
| CWE-154 | Improper Neutralization of Variable Name Delimiters |
| CWE-157 | Failure to Sanitize Paired Delimiters |
| CWE-184 | Incomplete List of Disallowed Inputs |
| CWE-185 | Incorrect Regular Expression |
| CWE-697 | Incorrect Comparison |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
| Command Line Execution through SQL Injection |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| CWE-114 | Process Control |
|
| Exploiting Multiple Input Interpretation Layers |
| CWE-20 | Improper Input Validation |
| CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors |
| CWE-179 | Incorrect Behavior Order: Early Validation |
| CWE-181 | Incorrect Behavior Order: Validate Before Filter |
| CWE-183 | Permissive List of Allowed Inputs |
| CWE-184 | Incomplete List of Disallowed Inputs |
| CWE-697 | Incorrect Comparison |
| CWE-707 | Improper Neutralization |
|
