2024 CWE Top 25 Most Dangerous Software Weaknesses: Improper Control of Generation of Code (‘Code Injection’) CWE-94
CWE-94, or Code Injection, occurs when a software application improperly controls the input used in generating code. This vulnerability allows attackers to inject malicious code, which the application subsequently compiles or interprets. The injected code can execute unintended commands, compromise data integrity, and even provide attackers with full control over the system.