What type of vulnerability allows for unauthorized command execution via user input?

Prepare for the Ethical Hacking Essentials Test. Study with flashcards and multiple-choice questions; each exam includes hints and explanations. Get ready to ace your certification exam!

The type of vulnerability that most accurately describes unauthorized command execution via user input is command injection. Command injection occurs when an application accepts user input and executes it as a command without proper validation or sanitization. An attacker can then manipulate the input to execute arbitrary commands on the server or system hosting the application, leading to potential data breaches, unauthorized access, or system compromise.

While code injection is a broader term that encompasses various types of vulnerabilities, command injection specifically concerns user input that reaches the system’s command interpreter and is executed there as a command. Other forms of code injection typically refer to inserting malicious code into a software application, which might not directly involve command execution.

The other options do not fit as well: SQL injection targets database queries, and buffer overflow vulnerabilities exploit memory allocation issues, but neither specifically pertains to executing system commands through user input in the way that command injection does. Thus, command injection is the focused and precise answer when discussing unauthorized command execution via user input.
