SYM_JAVA_0068 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Property | Value |
|---|---|
| Language | java |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The code establishes a network socket and connects it to a system process, effectively allowing remote users to send commands to the server for execution. This creates a reverse shell, which can let attackers remotely control the host machine.
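A heuristic static check for the pattern described above, added here as an example and not part of the Symbiotic database's own rule set: it walks Java source method by method and flags any method that both opens a `java.net.Socket` and starts an OS process, then reads or writes streams of both. The Java sample is constructed for the demo, and `pump` in it is a hypothetical helper name.

```python
import re

# Markers for the CWE-78 reverse-shell pattern: a network socket and a spawned
# OS process whose streams are both touched inside the same method.
SOCKET_RE = re.compile(r"new\s+(?:java\.net\.)?Socket\s*\(")
PROCESS_RE = re.compile(r"Runtime\.getRuntime\(\)\.exec\s*\(|new\s+ProcessBuilder\s*\(")
STREAM_RE = re.compile(r"\.get(?:Input|Output|Error)Stream\s*\(")
# Method header: optional modifiers, return type, name, parameter list, optional throws, "{".
METHOD_RE = re.compile(
    r"(?:(?:public|private|protected|static|final|synchronized)\s+)*"
    r"[\w<>\[\]]+\s+(\w+)\s*\([^)]*\)\s*(?:throws\s+[\w.,\s]+)?\{"
)

def split_methods(java_src):
    """Yield (name, body) pairs by brace matching; crude, but enough for a heuristic."""
    for m in METHOD_RE.finditer(java_src):
        depth, i = 1, m.end()
        while i < len(java_src) and depth:
            depth += {"{": 1, "}": -1}.get(java_src[i], 0)
            i += 1
        yield m.group(1), java_src[m.end():i]

def find_socket_to_process(java_src):
    """Return names of methods that look like they wire a socket to a process."""
    findings = []
    for name, body in split_methods(java_src):
        # Two stream accesses are required: one expected on the socket, one on the process.
        if SOCKET_RE.search(body) and PROCESS_RE.search(body) and len(STREAM_RE.findall(body)) >= 2:
            findings.append(name)
    return findings

# Constructed sample: one method showing the pattern, two benign look-alikes.
SAMPLE = """
class Demo {
    void suspicious(String host, int port) throws Exception {
        java.net.Socket s = new java.net.Socket(host, port);
        Process p = new ProcessBuilder("/bin/sh").start();
        pump(s.getInputStream(), p.getOutputStream());
    }
    String listDir() throws Exception {
        Process p = Runtime.getRuntime().exec(new String[]{"ls", "-l"});
        return new String(p.getInputStream().readAllBytes());
    }
    void ping(String host) throws Exception {
        java.net.Socket s = new java.net.Socket(host, 80);
        s.getOutputStream().write("HEAD / HTTP/1.0".getBytes());
    }
}
"""

if __name__ == "__main__":
    print(find_socket_to_process(SAMPLE))  # ['suspicious']
```

The check is deliberately noisy (it matches on co-occurrence, not data flow), which is why a finding from it should carry a low confidence level, as in the table above.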
Impact
If exploited, an attacker could gain full remote access to the server, execute arbitrary commands, steal data, install malware, or take complete control of the system. This poses a severe risk to the application's security and the broader network.