Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | High |
| Impact Level | High |
| Likelihood Level | High |
Description
User input is passed into a system command (for example via Runtime.exec or ProcessBuilder) without validation and without being kept separate from the command itself. This lets an attacker inject additional commands or arguments that the server will then execute.
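As an added illustration (not code from this page or from any particular project), the flagged pattern next to a hardened version; the class name, method names and the hostname allowlist pattern are assumptions chosen for the example.

```java
import java.io.IOException;
import java.util.List;
import java.util.regex.Pattern;

public class PingService {

    // VULNERABLE: user input is concatenated into a command line that is
    // handed to "sh -c", so shell metacharacters in `host` are interpreted
    // by the shell. This is the CWE-78 pattern the rule above reports.
    public static Process pingUnsafe(String host) throws IOException {
        String cmd = "ping -c 1 " + host;
        return Runtime.getRuntime().exec(new String[] {"/bin/sh", "-c", cmd});
    }

    // Allowlist for the only input shape this feature needs: a DNS hostname
    // made of RFC 1123 labels. Labels may not start or end with '-', which
    // also keeps the value from ever looking like a command-line option.
    private static final Pattern HOSTNAME = Pattern.compile(
        "^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$");

    public static boolean isAllowedHost(String host) {
        return host != null && host.length() <= 253 && HOSTNAME.matcher(host).matches();
    }

    // HARDENED: reject anything outside the allowlist, then pass the value as
    // one argv element through ProcessBuilder. No shell is involved, so the
    // input cannot become a separator, a second command, or an extra flag.
    public static Process pingSafe(String host) throws IOException {
        if (!isAllowedHost(host)) {
            throw new IllegalArgumentException("rejected hostname: " + host);
        }
        List<String> argv = List.of("ping", "-c", "1", host);
        return new ProcessBuilder(argv).redirectErrorStream(true).start();
    }

    public static void main(String[] args) {
        // Constructed sample inputs; only the validator runs, no process is spawned.
        String[] samples = {"example.com", "example.com; id", "-fexample.com", "host..name"};
        for (String s : samples) {
            System.out.printf("%-18s -> %s%n", s, isAllowedHost(s) ? "allowed" : "rejected");
        }
    }
}
```

Note that even `Runtime.exec(String)` without `sh -c` only splits on whitespace and does not run a shell, but an unvalidated value can still be consumed by the target program as an extra option, so the allowlist check is needed in both forms.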
Impact
If exploited, attackers could execute arbitrary commands on your server, leading to data theft, system compromise, malware installation, or complete loss of control over the application and underlying infrastructure.