SYM_GO_0010 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
OWASP | A01:2017 - Injection |
Confidence Level | Low |
Impact Level | High |
Likelihood Level | Low |
Description
The code writes dynamic, potentially untrusted data to the input of an OS command using StdinPipe without proper validation. This allows user-controlled input to influence command execution, making the code vulnerable to command injection.
Impact
If exploited, an attacker could inject commands or scripts that are executed by the server, leading to unauthorized actions such as data theft, system compromise, or complete takeover of the application environment. This poses a critical risk to application integrity and data security.
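The pattern this rule describes, next to a hardened form, as an added example that is not code from the rule or from the Symbiotic database. The function names, the host allow-list regex, the `sh` and `cat` child programs and the input string are assumptions chosen for illustration; it needs a POSIX `sh` and `cat` on the PATH.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"os/exec"
	"regexp"
)

// runWithStdin starts the program, writes input to it through StdinPipe,
// and returns what the program printed on stdout.
func runWithStdin(input, name string) (string, error) {
	cmd := exec.Command(name)
	stdin, err := cmd.StdinPipe()
	if err != nil {
		return "", err
	}
	go func() {
		defer stdin.Close() // EOF lets the child exit
		io.WriteString(stdin, input)
	}()
	out, err := cmd.Output()
	return string(out), err
}

// checkVulnerable: the child is a shell, so each byte written to its stdin is
// parsed as shell script and the caller's value becomes part of that script.
func checkVulnerable(host string) (string, error) {
	return runWithStdin("echo checking "+host+"\n", "sh")
}

var hostRe = regexp.MustCompile(`^[A-Za-z0-9.-]{1,253}$`) // assumed allow-list

// checkHardened: allow-list validation first, and the child (cat, a stand-in
// for a non-interpreter tool) treats stdin as data, never as commands.
func checkHardened(host string) (string, error) {
	if !hostRe.MatchString(host) {
		return "", errors.New("rejected: host contains disallowed characters")
	}
	return runWithStdin("checking "+host+"\n", "cat")
}

func main() {
	in := "example.test; echo INJECTED" // constructed input
	fmt.Println(checkVulnerable(in))
	fmt.Println(checkHardened(in))
}
```

With the constructed input, the vulnerable variant prints an extra `INJECTED` line because the shell ran the second statement, while the hardened variant rejects the value before any process starts.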