SYM_JSTS_0118 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| Property | Value |
| --- | --- |
| Language | javascript |
| Severity | high |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |

Description

The code executes system commands using user-controlled input without proper validation or sanitization. This allows attackers to inject malicious commands by manipulating the input data passed to functions like exec or spawn.

Impact

If exploited, an attacker could run arbitrary commands on the server, potentially gaining unauthorized access, stealing sensitive data, or disrupting system operations. This could lead to data breaches, loss of control over the server, or further compromise of the infrastructure.