Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Building shell commands by concatenating or formatting strings, especially with user input, can allow attackers to inject malicious commands. Instead, pass command arguments as a list to avoid unintended code execution.
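As an added illustration (not code from this rule page), the two patterns the description contrasts, written for Python's `subprocess` on a POSIX system: a command string formatted with untrusted input and run through the shell, beside the list form that no shell parses. `echo` stands in for the real program so the demonstration is harmless to run, the tainted input is constructed, and the hostname allow-list is an assumed extra check rather than something the rule requires.

```python
import re
import subprocess

# Constructed sample input: a hostname-like value carrying shell metacharacters.
# "echo INJECTED" is a harmless stand-in for whatever follows the ';'.
TAINTED_INPUT = "example.com; echo INJECTED"

# Assumed allow-list for plausible hostnames (letters, digits, '.', '-').
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")


def run_unsafe(user_value: str) -> str:
    """VULNERABLE: the value is formatted into one command string and handed to
    /bin/sh via shell=True, so ';', '|', '$(...)' and friends are interpreted.
    Returns the captured stdout so the effect can be inspected."""
    result = subprocess.run(
        f"echo {user_value}", shell=True, capture_output=True, text=True, check=False
    )
    return result.stdout


def run_safe(user_value: str) -> str:
    """HARDENED: program and arguments are passed as a list and no shell is
    involved; the whole value reaches the program as a single literal argv entry."""
    result = subprocess.run(
        ["echo", user_value], capture_output=True, text=True, check=False
    )
    return result.stdout


def run_safe_validated(user_value: str) -> str:
    """Defence in depth: the list form alone stops shell injection, but an
    allow-list also rejects values that are not plausible hostnames (for example
    a value starting with '-' that the called tool might parse as an option)."""
    if not HOSTNAME_RE.match(user_value):
        raise ValueError(f"rejected argument: {user_value!r}")
    return run_safe(user_value)


if __name__ == "__main__":
    # Unsafe form prints two lines: the second command ran.
    print("unsafe:", repr(run_unsafe(TAINTED_INPUT)))
    # Safe form prints one line: the metacharacters stayed literal.
    print("safe:  ", repr(run_safe(TAINTED_INPUT)))
```

Comparing the two captured outputs is also a cheap unit test to keep in a code base: any refactor that reintroduces `shell=True` with formatted input makes the second line appear again.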
Impact
If exploited, an attacker could execute arbitrary system commands with the privileges of your application, potentially leading to data theft, corruption, or complete system compromise. This can expose sensitive information or allow attackers to take control of your server.