Prepare for the Ethical Hacking Essentials Test. Dive into flashcards and multiple choice questions, with hints and explanations for each one. Ace your exam!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.


What type of vulnerability allows for unauthorized command execution via user input?

  1. Code injection

  2. SQL injection

  3. Command injection

  4. Buffer overflow

The correct answer is: Code injection

The most accurate type of vulnerability that allows for unauthorized command execution via user input is command injection. Command injection occurs when an application accepts user input and executes it as a command without proper validation or sanitization. This can allow an attacker to manipulate the input to execute arbitrary commands on the server or system hosting the application, leading to potential data breaches, unauthorized access, or system compromises. While code injection is a broader term that encompasses various types of vulnerabilities, command injection specifically focuses on the execution of commands through user input into the system’s command interpreter. Other forms of code injection typically refer to inserting malicious code into a software application, which might not directly involve command execution. The options such as SQL injection target database queries and buffer overflow vulnerabilities exploit memory allocation issues but do not specifically pertain to executing system commands through user input in the same manner that command injection does. Thus, command injection is the focused and precise answer when discussing unauthorized command execution via user input.