Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
Using functions like os.system() or os.popen() to execute shell commands can be dangerous if user input is included in the command string. Because the string is handed to a shell, metacharacters in the input (such as `;`, `|`, `&&`, backticks or `$( )`) are interpreted as shell syntax, which makes your code vulnerable to command injection attacks, where an attacker could run arbitrary system commands.
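The following example is added here to illustrate the point and is not code from the original page. It contrasts the vulnerable string-building pattern with two defensive measures: an allowlist check on the input and execution through an argv list with `shell=False`, so that no shell ever parses the user-supplied value. The hostname-checking feature, the regular expression and the sample inputs are constructed for the demonstration; `echo` stands in for the real `ping` so the code runs without network access or privileges.

```python
import re
import shlex
import subprocess

# Constructed sample inputs (not from the page): one benign value and one
# that carries a shell metacharacter followed by a second command.
BENIGN_INPUT = "example.com"
HOSTILE_INPUT = "example.com; echo INJECTED"

# Allowlist for a hostname: letters, digits, dots and hyphens only.
# Constructed for this example; tighten it to your own input format.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9.-]{1,253}")


def is_valid_hostname(value: str) -> bool:
    """Allowlist validation: accept only characters a hostname may contain.
    Rejecting everything else stops shell metacharacters before any command
    is built from the value."""
    return HOSTNAME_RE.fullmatch(value) is not None


def build_command_vulnerable(hostname: str) -> str:
    """The dangerous pattern the page describes: user input spliced into a
    shell string. Passing the result to os.system() or os.popen() lets
    ';', '|', '&&', backticks or '$()' inside the input start extra commands.
    Returned as a string only; it is never executed in this example."""
    return "ping -c 1 " + hostname


def build_command_quoted(hostname: str) -> str:
    """If a shell string cannot be avoided, shlex.quote() wraps the value so
    the shell treats it as one literal word instead of parsing it."""
    return "ping -c 1 " + shlex.quote(hostname)


def echo_as_argv(value: str) -> str:
    """Hardened execution: argv list and shell=False. The value is delivered
    to the program as a single argument; no shell parses it, so the text
    after ';' is printed literally rather than run as a command."""
    result = subprocess.run(
        ["echo", value], capture_output=True, text=True, check=True
    )
    return result.stdout


def check_host(hostname: str) -> str:
    """Defensive flow: validate against the allowlist first, then execute
    through argv. Both layers are independent; either alone already blocks
    the injection, and together they give defence in depth."""
    if not is_valid_hostname(hostname):
        raise ValueError(f"rejected hostname: {hostname!r}")
    return echo_as_argv(hostname)


if __name__ == "__main__":
    print("vulnerable string:", build_command_vulnerable(HOSTILE_INPUT))
    print("quoted string:    ", build_command_quoted(HOSTILE_INPUT))
    print("argv output:      ", echo_as_argv(HOSTILE_INPUT).rstrip())
    try:
        check_host(HOSTILE_INPUT)
    except ValueError as err:
        print("validation:       ", err)
    print("validation:       ", check_host(BENIGN_INPUT).rstrip())
```

Running it shows the three behaviours side by side: the vulnerable string `ping -c 1 example.com; echo INJECTED` would be split by a shell into two commands, the quoted form keeps the whole value inside single quotes, and the argv form prints `example.com; echo INJECTED` as one line because the second `echo` was never executed. Prefer the argv form over quoting wherever possible; `shlex.quote()` only protects a value that is interpolated into a POSIX shell string and does nothing for other interpreters.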
Impact
If exploited, an attacker could execute malicious commands on the server with the same permissions as your application. This can lead to unauthorized access, data theft, system compromise, or complete takeover of the server.