Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
Description
User input from web requests is passed directly to subprocess functions, allowing external data to control the system commands the application runs. This makes it possible for attackers to inject their own commands into the command line your application executes.
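An added illustration, not part of this rule page: the flagged pattern beside its hardened form, assuming a hypothetical "ping" endpoint whose `host` value comes from a web request (the request handling itself is omitted).

```python
import re
import subprocess
import sys

# Allow-list for the one kind of value the endpoint expects: a DNS name or
# IPv4 address. Shell metacharacters, spaces and a leading "-" cannot match.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def ping_vulnerable(host: str) -> str:
    """The pattern this rule flags: request data interpolated into a shell string.

    With shell=True the whole string is parsed by /bin/sh, so any shell
    metacharacters inside `host` become part of the command line.
    """
    proc = subprocess.run(f"ping -c 1 {host}", shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def is_valid_hostname(host: str) -> bool:
    """Allow-list check run before the value reaches any subprocess call."""
    return bool(HOSTNAME_RE.match(host))


def build_ping_argv(host: str) -> list:
    """Hardened form: validate, then build an argv list (no shell involved).

    Each list element is delivered to ping as one argument, so the input is
    never tokenised by a shell; this also keeps option-like values out.
    """
    if not is_valid_hostname(host):
        raise ValueError("invalid hostname")
    return ["ping", "-c", "1", host]


def ping_hardened(host: str) -> str:
    proc = subprocess.run(build_ping_argv(host), capture_output=True,
                          text=True, timeout=10)
    return proc.stdout


def argv_roundtrip(text: str) -> str:
    """Offline demonstration (uses the running Python instead of ping): with an
    argv list the child receives `text` verbatim, metacharacters included."""
    proc = subprocess.run([sys.executable, "-c", "import sys; print(sys.argv[1])", text],
                          capture_output=True, text=True)
    return proc.stdout.rstrip("\n")
```

The ping functions need a reachable host to return anything useful; `build_ping_argv` and `argv_roundtrip` can be exercised without network access.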
Impact
If exploited, an attacker could execute arbitrary system commands on your server, potentially leading to data theft, system compromise, or full server takeover. This can result in loss of sensitive information, service disruption, or a foothold for further attacks within your infrastructure.