| Property | Value |
|---|---|
| Language | ruby |
| Severity | high |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | High |

Description

This vulnerability occurs when user input from sources like params, cookies, or request environment is passed directly to file or shell commands. Without proper validation or sanitization, attackers can manipulate these inputs to execute unintended commands or access files they shouldn’t.
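As an added illustration (not part of this rule page), here is the pattern the rule flags beside its hardened form in Ruby. The `params` hash is a constructed stand-in for request parameters, and the base directory and file names are assumed values.

```ruby
require "pathname"

# Constructed request input standing in for params/cookies/env: the attacker
# appends a second command and a directory-traversal prefix.
EVIL_PARAMS = { "name" => "report.txt; id", "dir" => "../../etc" }.freeze

# VULNERABLE: the raw parameter is interpolated into one shell string. Passing
# this to `system`/backticks lets the shell honour `;` and run the extra `id`.
def vulnerable_command(params)
  "wc -l #{params['name']}"
end

# HARDENED: allowlist the value, then return argv elements. `system(*argv)`
# execs the program directly with no shell, so metacharacters are inert.
SAFE_NAME = /\A[\w][\w.-]*\z/

def safe_command(params)
  name = params["name"].to_s
  raise ArgumentError, "invalid file name: #{name.inspect}" unless name.match?(SAFE_NAME)
  ["wc", "-l", name]
end

# HARDENED (file access): join under a fixed base, normalise lexically with
# Pathname (no tilde expansion, unlike File.expand_path), then require the
# result to still sit inside the base directory.
BASE_DIR = Pathname.new("/var/app/uploads").freeze

def safe_path(params, base = BASE_DIR)
  rel = File.join(params["dir"].to_s, params["name"].to_s)
  resolved = (base + rel).cleanpath
  unless resolved.to_s.start_with?(base.to_s + File::SEPARATOR)
    raise ArgumentError, "path escapes #{base}: #{resolved}"
  end
  resolved
end

if __FILE__ == $PROGRAM_NAME
  puts vulnerable_command(EVIL_PARAMS)            # wc -l report.txt; id
  [-> { safe_command(EVIL_PARAMS) }, -> { safe_path(EVIL_PARAMS) }].each do |check|
    check.call
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
  p safe_command({ "name" => "report.txt" })      # ["wc", "-l", "report.txt"]
  puts safe_path({ "dir" => "2024", "name" => "report.txt" })
end
```

Run the hardened argv with `system(*safe_command(params))` or `Open3.capture2(*argv)`; never rejoin it into a single string.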

Impact

If exploited, attackers could run arbitrary commands on the server, read or modify sensitive files, or even take control of the system. This can lead to data breaches, loss of data integrity, unauthorized access, and severe compromise of the application’s security.