Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
Passing dynamic, non-constant input to eval() allows execution of arbitrary PHP code: an attacker who controls that input can inject and run code of their choosing in the context of the application.
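The pattern this rule flags, alongside a hardened rewrite, as an added example that is not part of the rule page. The request parameters, the discount helper functions and the rule names are assumptions chosen for illustration.

```php
<?php
// VULNERABLE: the string handed to eval() is assembled from request input, so
// whatever the client sends is executed as PHP with the web server's privileges.
function applyDiscountUnsafe(float $price): float
{
    $formula = $_GET['formula'] ?? '$price * 1.0';   // attacker-controlled
    return (float) eval('return ' . $formula . ';');  // flagged by this rule
}

// HARDENED: never evaluate input as code. Map the client's choice onto a fixed
// set of closures and treat the numeric parameter as data, validated by type.
function discountRules(): array
{
    return [
        'none'    => fn(float $p, float $arg): float => $p,
        'percent' => fn(float $p, float $arg): float => $p * (1 - $arg / 100),
        'fixed'   => fn(float $p, float $arg): float => max(0.0, $p - $arg),
    ];
}

function applyDiscountSafe(float $price, string $rule, string $rawArg): float
{
    $rules = discountRules();
    if (!array_key_exists($rule, $rules)) {
        throw new InvalidArgumentException('unknown discount rule');
    }
    // filter_var returns false for anything that is not a plain number
    $arg = filter_var($rawArg, FILTER_VALIDATE_FLOAT);
    if ($arg === false || $arg < 0) {
        throw new InvalidArgumentException('discount argument must be a non-negative number');
    }
    return ($rules[$rule])($price, $arg);
}

// Constructed inputs: the same request shape, with no path that executes code.
$rule = $_GET['rule'] ?? 'none';
$arg  = $_GET['arg'] ?? '0';
echo applyDiscountSafe(80.0, $rule, $arg), PHP_EOL;
```

The hardened version keeps the feature (a client-selected discount) but removes eval() entirely, so no value from the request can ever be interpreted as PHP.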
Impact
If exploited, an attacker could execute any PHP code on your server, potentially leading to data theft, server compromise, or complete takeover of the application. This poses a serious risk to both application integrity and user data.