Severity

Likelihood

Confidentiality

Integrity

Availability

The target application must accept input from the user. In virtually all cases, this must be string input.

The target application must fail to adequately filter the user input against the insertion of instructions.