Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| OWASP | A03:2021 - Injection |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
Description
The application takes user input and passes it directly to a function that runs shell commands, without proper sanitization. This allows attackers to inject malicious commands into the system.
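The following is an added example, not code from the rule page: it shows the vulnerable pattern the description refers to (user input interpolated into a string handed to a shell) next to a hardened version that passes an argument vector without a shell and validates the input against an allowlist. The function names, the filename parameter and the sample inputs are all assumptions made for the demonstration.

```python
"""Added example (not from the rule page): the CWE-78 pattern beside a hardened
version, using Python's subprocess module."""
import re
import subprocess

# Constructed sample inputs (assumption: a filename-like parameter the caller controls).
BENIGN_INPUT = "report.txt"
HOSTILE_INPUT = "report.txt; echo INJECTED"  # ';' ends one command and starts another

# Allowlist for the hardened path: a plain filename with no separators or shell metacharacters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


def announce_vulnerable(filename: str) -> list[str]:
    """VULNERABLE: user input is interpolated into a command string that a shell parses.
    With HOSTILE_INPUT the shell runs 'echo Processing report.txt' and then 'echo INJECTED'."""
    proc = subprocess.run(f"echo Processing {filename}", shell=True,
                          capture_output=True, text=True, check=False)
    return proc.stdout.splitlines()


def announce_argv(filename: str) -> list[str]:
    """Mitigation 1: pass an argument vector and never start a shell.
    The whole string reaches 'echo' as a single argument; nothing interprets the ';'."""
    proc = subprocess.run(["echo", "Processing", filename],
                          capture_output=True, text=True, check=False)
    return proc.stdout.splitlines()


def is_safe_filename(filename: str) -> bool:
    """Mitigation 2: allowlist validation; reject anything that is not a plain filename."""
    return SAFE_NAME.fullmatch(filename) is not None


def announce_hardened(filename: str) -> list[str]:
    """Both layers together: validate against the allowlist, then run without a shell."""
    if not is_safe_filename(filename):
        raise ValueError(f"rejected filename: {filename!r}")
    return announce_argv(filename)


if __name__ == "__main__":
    print("vulnerable:", announce_vulnerable(HOSTILE_INPUT))  # two lines, second is INJECTED
    print("argv only :", announce_argv(HOSTILE_INPUT))        # one line, ';' is literal text
    print("hardened  :", announce_hardened(BENIGN_INPUT))     # validated, then run without a shell
```

The argument-vector form alone already stops the second command from running, because no shell ever tokenizes the input; the allowlist is the second layer, so that unexpected input is rejected loudly instead of being passed on as an odd-looking filename.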
Impact
If exploited, an attacker could execute arbitrary commands on the server, potentially gaining access to sensitive data, modifying files, or taking control of the server. This can lead to data breaches, service disruption, or full system compromise.