Which of the following is an attack that exploits a vulnerable application and executes commands on a remote host?

Command injection is an attack that targets vulnerable applications by allowing the attacker to execute arbitrary commands on a remote host. This type of attack typically occurs when an application passes untrusted data (input) to a system shell or interpreter without sufficient validation or sanitization.

For example, if an application accepts user input and incorporates it directly into a command that it executes, an attacker can manipulate the input to include additional commands, thus taking control of the execution flow. Successful command injection attacks can lead to unauthorized actions, data manipulation, or system compromise, making it a serious security risk.

Other attack types, while also concerning, do not specifically involve executing commands on a remote host in the same manner. SQL injection, for instance, targets databases rather than executing system commands, while cross-site scripting (XSS) primarily involves injecting scripts into web pages viewed by other users. Man-in-the-middle (MITM) attacks involve intercepting communication but do not inherently exploit application vulnerabilities for command execution.