SYM_CONF_0027 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The code downloads data using curl and then executes it with eval. If the remote server is compromised or malicious, it can send back code that will be executed on your system, leading to severe security risks.
Impact
An attacker controlling the remote server could run arbitrary commands on your system, potentially stealing sensitive data, modifying files, or taking full control of the machine. This can lead to data breaches, system compromise, and damage to your organization's infrastructure.
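The flagged curl-plus-eval pattern beside a hardened form, as an added example that is not part of the original rule page or the project's own code. The function names, the use of a pinned SHA-256 digest and the `sha256sum`/`shasum` tools are assumptions made for illustration.

```shell
#!/bin/sh
# Flagged pattern (defined for comparison, never called here): whatever the
# server returns is handed straight to eval and runs with the caller's rights.
fetch_and_eval_unsafe() {
    eval "$(curl -fsSL "$1")"
}

# Print the SHA-256 of a file as hex (sha256sum, or shasum where that is absent).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"
    fi | cut -d' ' -f1
}

# Run a downloaded script only if it matches a digest pinned in advance.
# Returns 1 without executing anything when the digest is missing or differs.
run_if_pinned() {
    file=$1
    expected=$2
    actual=$(sha256_of "$file")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "digest mismatch, refusing to run $file" >&2
        return 1
    fi
    sh "$file"
}

# Hardened replacement: save the response to a file, check it, then run it.
# The pinned digest is an assumption: it has to come from a reviewed copy of
# the script, obtained separately from the download itself.
fetch_and_run_pinned() {
    url=$1
    pinned=$2
    tmp=$(mktemp) || return 2
    if curl -fsSL --proto '=https' -o "$tmp" "$url"; then
        run_if_pinned "$tmp" "$pinned"
        rc=$?
    else
        rc=2
    fi
    rm -f "$tmp"
    return "$rc"
}
```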