SYM_CS_0040 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Property | Value |
|---|---|
| Language | csharp |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The code builds and runs operating system commands using input that comes from external sources, without properly checking or sanitizing that input. This allows attackers to inject malicious commands that the system will execute.
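The pattern described above next to a hardened form, as an added example that is not part of the rule's own code. The `PingExample` class, the ping feature, and the host allowlist are hypothetical, and `ProcessStartInfo.ArgumentList` assumes .NET Core 2.1 or later.

```csharp
using System;
using System.Diagnostics;
using System.Text.RegularExpressions;

public static class PingExample // hypothetical feature: ping a caller-supplied host
{
    // Vulnerable pattern: external input is concatenated into a shell command line,
    // so shell metacharacters in `host` (&, |, ;) are interpreted by the shell.
    public static ProcessStartInfo BuildVulnerable(string host) =>
        new ProcessStartInfo("cmd.exe", "/c ping -n 1 " + host) { UseShellExecute = false };

    // Assumed allowlist: DNS name or IPv4 literal. The first character must be
    // alphanumeric, so the value can never be parsed as an option by the program.
    private static readonly Regex HostPattern =
        new Regex(@"\A[A-Za-z0-9][A-Za-z0-9.-]{0,252}\z", RegexOptions.CultureInvariant);

    // Hardened pattern: validate first, then start the program directly (no shell)
    // and pass the value as one argv element through ArgumentList.
    public static ProcessStartInfo BuildHardened(string host)
    {
        if (host is null || !HostPattern.IsMatch(host))
            throw new ArgumentException("Host is not a valid host name or address.", nameof(host));

        var psi = new ProcessStartInfo("ping")
        {
            UseShellExecute = false,
            RedirectStandardOutput = true,
            CreateNoWindow = true
        };
        psi.ArgumentList.Add("-n"); // Windows ping: number of echo requests
        psi.ArgumentList.Add("1");
        psi.ArgumentList.Add(host);
        return psi;
    }

    public static void Main()
    {
        string constructed = "127.0.0.1 & whoami"; // constructed sample input, never executed here
        Console.WriteLine("Vulnerable command line: cmd.exe " + BuildVulnerable(constructed).Arguments);
        try { BuildHardened(constructed); }
        catch (ArgumentException e) { Console.WriteLine("Rejected: " + e.Message); }
        Console.WriteLine("Accepted argv: " + string.Join(" | ", BuildHardened("127.0.0.1").ArgumentList));
    }
}
```

`Main` only builds the `ProcessStartInfo` objects and prints them; nothing is launched, so the difference between a shell-parsed string and a fixed argument vector can be inspected safely.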
Impact
If exploited, an attacker could execute arbitrary commands on the server, potentially gaining full control over the system, accessing sensitive data, modifying files, or disrupting application functionality. This can lead to severe breaches, data loss, or complete system compromise.