SYM_OCAML_0001 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
OS Command Injection
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-78: OS Command Injection |
Confidence Level | Low |
Impact Level | High |
Likelihood Level | Medium |
Description
Executing external commands using functions like Unix.execve, Unix.system, or Sys.command with untrusted or unsanitized input can allow attackers to run arbitrary system commands. This happens when user input is passed directly to these functions without strict validation.
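The pattern described above next to a hardened form, as an added example that is not part of the rule's own code. The function names `ping_vulnerable`, `is_valid_host` and `ping_safe`, the `/bin/ping` path and the sample inputs are assumptions made for illustration.

```ocaml
(* Added example. Build with the unix library, e.g.
   ocamlfind ocamlopt -package unix -linkpkg example.ml *)

(* Vulnerable pattern: untrusted input is concatenated into a string
   that Sys.command hands to the system shell for parsing. *)
let ping_vulnerable (host : string) : int =
  Sys.command ("ping -c 1 " ^ host)

(* Allow-list check: only characters valid in a hostname or IPv4 literal,
   bounded length, and no leading '-' so the value cannot be read as an
   option by the target program. *)
let is_valid_host (s : string) : bool =
  let ok_char = function
    | 'a' .. 'z' | 'A' .. 'Z' | '0' .. '9' | '.' | '-' -> true
    | _ -> false
  in
  let n = String.length s in
  let rec all i = i = n || (ok_char s.[i] && all (i + 1)) in
  n > 0 && n <= 253 && s.[0] <> '-' && all 0

(* Hardened form: validate first, then start the program with an explicit
   argv array. Unix.create_process does not invoke a shell, so the host is
   passed as one argument and is never parsed as shell syntax.
   Assumption: ping is installed at /bin/ping. *)
let ping_safe (host : string) : (int, string) result =
  if not (is_valid_host host) then Error "rejected: invalid host"
  else begin
    let pid =
      Unix.create_process "/bin/ping" [| "ping"; "-c"; "1"; host |]
        Unix.stdin Unix.stdout Unix.stderr
    in
    match Unix.waitpid [] pid with
    | _, Unix.WEXITED code -> Ok code
    | _, (Unix.WSIGNALED _ | Unix.WSTOPPED _) ->
        Error "ping did not exit normally"
  end

let () =
  (* Constructed inputs: a plain hostname and a value containing shell
     metacharacters, which the validator rejects before any process starts. *)
  List.iter
    (fun h ->
      match ping_safe h with
      | Ok code -> Printf.printf "%S -> ping exited with %d\n" h code
      | Error msg -> Printf.printf "%S -> %s\n" h msg)
    [ "localhost"; "localhost; id" ]
```

Validation and the argv-based call address different problems: the argv array removes shell parsing, while the allow-list stops the value from being interpreted as an option by the program being run.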
Impact
If exploited, an attacker could execute malicious commands on the server, compromise sensitive data, alter system files, or gain unauthorized access. This can lead to full system compromise, data breaches, or disruption of service.