Improper Control of Generation of Code (‘Code Injection’)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-94: Improper Control of Generation of Code (‘Code Injection’) |
| OWASP | A03:2021 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The code uses the ‘open’ function with a dynamically constructed command, which may include untrusted input. This can allow attackers to inject and execute arbitrary commands if user data is passed in without proper validation.
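The pattern described above, next to a hardened form, as an added example that is not part of the original rule page. The page does not name a language, so Ruby's `Kernel#open` is an assumption here; the method names, the file name and the sample inputs are hypothetical and constructed for illustration.

```ruby
require "tmpdir"

# Vulnerable pattern, kept for contrast and never called here: on Ruby versions
# whose Kernel#open accepts it, a string starting with "|" runs as a command.
def read_report_unsafe(name)
  open(name) { |io| io.read }
end

# Hardened form: File.open never treats "|" as a pipe, the name is checked
# against an allowlist, and the resolved path must stay inside base_dir.
def read_report_safe(base_dir, name)
  raise ArgumentError, "invalid name" unless name.match?(/\A[A-Za-z0-9_.-]+\z/)
  base = File.realpath(base_dir)
  path = File.realpath(File.join(base, name)) # resolves symlinks and ".."
  raise ArgumentError, "outside base directory" unless path.start_with?(base + File::SEPARATOR)
  File.open(path, "r") { |io| io.read }
end

# Constructed inputs: one legitimate name and values a caller should reject.
def demo
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, "q1.txt"), "revenue: 42\n")
    ["q1.txt", "|echo injected", "..", "missing.txt"].to_h do |input|
      result = begin
        read_report_safe(dir, input)
      rescue ArgumentError, SystemCallError => e
        "rejected (#{e.class})"
      end
      [input, result]
    end
  end
end

demo.each { |input, result| puts "#{input.inspect} => #{result.inspect}" }
```
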
Impact
If exploited, an attacker could execute arbitrary system commands on the server, potentially leading to data theft, data loss, or a complete system compromise. This could allow unauthorized access, modification, or destruction of critical application or system resources.