command-injection
command-injection
Untrusted input might be injected into a command executed by the application, which can lead to a command injection vulnerability. An attacker can execute arbitrary commands, potentially gaining complete control of the system. To prevent this vulnerability, avoid executing OS commands with user input through the
Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-77: Improper Neutralization of Special Elements used in a Command (Command Injection)
OWASP:
- A03:2021 - Injection
:os.cmd and System.cmd functions. If this is unavoidable, validate and sanitize the input, and use safe methods for executing the commands. Likelihood: MEDIUM
Confidence: MEDIUM
CWE:
- CWE-77: Improper Neutralization of Special Elements used in a Command (Command Injection)
OWASP:
- A03:2021 - Injection