The weakness consists in downloading of source or executable code without checking its origin and integrity. Lack of verifying allows attackers to deceive the system by execution or changing a malicious code. Using of untrusted code allows offenders to execute attacker-controlled commands, read or modify potentially sensitive information or worsen software functioning for legitimate users.
The weakness is introduced during Architecture and Design, Implementation stages.
Latest vulnerabilities for CWE-494
Description of CWE-494 on Mitre website