OS Command Injection

| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-78: OS Command Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Medium |

Description
Executing external commands using functions like Unix.execve, Unix.system, or Sys.command with untrusted or unsanitized input can allow attackers to run arbitrary system commands. This happens when user input is passed directly to these functions without strict validation.
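
The pattern described above, next to a hardened form, as an added example that is not part of the original rule page. The `nslookup` use case, the `/usr/bin/nslookup` path, the function names and the sample inputs are assumptions made for illustration.

```ocaml
(* Added example. Build with the unix library, e.g.
   ocamlfind ocamlopt -package unix -linkpkg lookup.ml *)

(* Vulnerable: [host] is concatenated into a string that Sys.command hands
   to /bin/sh, so shell metacharacters in the input become command syntax. *)
let lookup_vulnerable (host : string) : int =
  Sys.command ("nslookup " ^ host)

(* Strict allowlist for a host name: 1 to 253 characters drawn from letters,
   digits, '.' and '-', and no leading '-' so the value can never be read
   as an option by the child program. *)
let is_valid_host (s : string) : bool =
  let ok = function
    | 'a' .. 'z' | 'A' .. 'Z' | '0' .. '9' | '.' | '-' -> true
    | _ -> false
  in
  let n = String.length s in
  let rec all i = i >= n || (ok s.[i] && all (i + 1)) in
  n > 0 && n <= 253 && s.[0] <> '-' && all 0

(* Hardened: validate first, then start the program from a fixed absolute
   path with an argument array. No shell parses the input, and [host] is
   passed as exactly one argument. *)
let lookup_hardened (host : string) : (int, string) result =
  if not (is_valid_host host) then Error "rejected: invalid host name"
  else begin
    let prog = "/usr/bin/nslookup" in (* assumed install path *)
    let pid =
      Unix.create_process prog [| prog; host |]
        Unix.stdin Unix.stdout Unix.stderr
    in
    match snd (Unix.waitpid [] pid) with
    | Unix.WEXITED code -> Ok code
    | Unix.WSIGNALED _ | Unix.WSTOPPED _ -> Error "child did not exit normally"
  end

(* Constructed inputs: only the validator runs here, no process is started. *)
let () =
  List.iter
    (fun h ->
      Printf.printf "%S -> %s\n" h
        (if is_valid_host h then "accepted" else "rejected"))
    [ "example.com"; "example.com; echo injected"; "-debug"; "" ]
```

Unix.execve and Unix.create_process do not invoke a shell, but the program path and each argument still need validation when they come from user input, because the child program interprets them.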

Impact
If exploited, an attacker could execute malicious commands on the server, compromise sensitive data, alter system files, or gain unauthorized access. This can lead to full system compromise, data breaches, or disruption of service.