Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The code opens a network socket and wires the socket's input and output streams to a spawned system process, so that whatever a remote peer sends over the connection is executed as a command on the server. This is a reverse shell pattern: the host initiates the connection outward, and the remote party at the other end can then control the host machine.
Impact
If exploited, an attacker gains full remote access to the server: they can execute arbitrary commands, steal data, install malware, or take complete control of the system. Because the server reaches out to the attacker, the connection can also bypass inbound firewall rules, so the risk extends from the application to the broader network it can reach.