Improper Control of Generation of Code (‘Code Injection’)
| Property | Value |
|---|---|
| Language | generic |
| Severity | |
| CWE | CWE-94: Improper Control of Generation of Code (‘Code Injection’) |
| OWASP | A03:2021 - Injection |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | Medium |
Description
The code includes a Bash reverse shell command, which allows remote attackers to open a shell on the server and execute arbitrary commands. This exposes the system to unauthorized remote control.
Impact
If exploited, an attacker could gain full remote access to the server, execute malicious commands, steal sensitive data, or compromise other systems in the network. This can lead to complete system takeover, data breaches, and significant operational disruption.