Code injection

Code injection is the manipulation of a vulnerable program so that it executes arbitrary code: the malicious code is injected into the running process of the vulnerable program. This is possible when a program allows unsafe user-supplied data (for example, because of missing boundary checks) to become part of the code being executed, which often leads to the execution of a system shell. Note that the malicious code is executed with the same privileges as the vulnerable program.
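
The missing boundary check mentioned above, shown beside a checked version. This is an added example, not code from the original page; the function names, `NAME_LEN` and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 16   /* constructed buffer size for this example */

/* Vulnerable form: strcpy() has no boundary check, so input of NAME_LEN
 * bytes or more writes past `name` into adjacent stack memory. */
void greet_unchecked(const char *input, char *out, size_t out_len)
{
    char name[NAME_LEN];
    strcpy(name, input);
    snprintf(out, out_len, "hello %s", name);
}

/* Hardened form: measure the input against the buffer first and refuse
 * anything that does not fit (no silent truncation). Returns 0 or -1. */
int greet_checked(const char *input, char *out, size_t out_len)
{
    char name[NAME_LEN];
    size_t n = 0;

    if (input == NULL || out == NULL || out_len == 0)
        return -1;
    while (n < NAME_LEN && input[n] != '\0')
        n++;
    if (n == NAME_LEN)          /* no terminator within the buffer size */
        return -1;
    memcpy(name, input, n + 1); /* n + 1 <= NAME_LEN, includes the NUL */

    int written = snprintf(out, out_len, "hello %s", name);
    return (written < 0 || (size_t)written >= out_len) ? -1 : 0;
}

int main(void)
{
    char out[64];
    /* Constructed inputs: one that fits, one that exceeds NAME_LEN. */
    const char *samples[] = { "alice", "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" };

    for (size_t i = 0; i < 2; i++) {
        if (greet_checked(samples[i], out, sizeof out) == 0)
            printf("accepted: %s\n", out);
        else
            printf("rejected: input of %zu bytes\n", strlen(samples[i]));
    }
    return 0;
}
```

The unchecked function is defined only for comparison and is never called; the checked one rejects oversized input before any copy takes place.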