Security+ · 2.0 Threats
Command injection
A vulnerability where user-supplied input is passed to a shell interpreter, letting the attacker append arbitrary commands. Classic: `system("ping " + user_input)` with input `; rm -rf /`.
How this shows up at NCAE
The competition web app may have a ping-a-host feature or file-upload handler with this bug. The red team uses it to drop web shells. Defense: sanitize input, or run the program with execve directly so that no shell parses the input.