SYM_PHP_0022 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Control of Generation of Code ('Code Injection')
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-94: Improper Control of Generation of Code ('Code Injection') |
OWASP | A03:2021 - Injection |
Confidence Level | Low |
Impact Level | High |
Likelihood Level | Low |
Description
Using backticks in PHP executes the enclosed string as a shell command. If user input is included in this string, it can allow attackers to run arbitrary commands on your server.
Impact
Exploiting this vulnerability could let attackers execute malicious system commands, potentially leading to data theft, server compromise, or a complete takeover of the application environment.
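The pattern from the Description next to a hardened form, as an added example that is not part of the original rule page. The function names, the `nslookup` command and the sample input are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// VULNERABLE (the pattern this rule flags): the backtick operator behaves
// like shell_exec(), so the interpolated value is parsed by the shell.
// Shell metacharacters in $host (; | & $() etc.) become part of the command line.
function lookup_vulnerable(string $host)
{
    return `nslookup $host`;
}

// HARDENED: validate against a strict allowlist, then start the program
// without a shell by giving proc_open() an argument array (PHP 7.4+).
function lookup_hardened(string $host): string
{
    // Hostname labels only: letters, digits, hyphens, dots. No leading
    // hyphen, so the value cannot be read as a command-line option.
    $pattern = '/\A(?!-)[A-Za-z0-9-]{1,63}(?:\.(?!-)[A-Za-z0-9-]{1,63})*\z/';
    if (!preg_match($pattern, $host)) {
        throw new InvalidArgumentException('Invalid hostname');
    }

    // With an array command, each element is passed as one argv entry
    // and no shell interprets it.
    $proc = proc_open(['nslookup', $host], [1 => ['pipe', 'w']], $pipes);
    if ($proc === false) {
        throw new RuntimeException('Could not start nslookup');
    }
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);

    return $output === false ? '' : $output;
}

// Constructed sample input containing a shell metacharacter.
$input = 'example.com; id';
try {
    echo lookup_hardened($input);
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL; // the allowlist blocks it
}
```

Where a shell cannot be avoided, wrapping each user-supplied argument in `escapeshellarg()` is the fallback, but the validated argument-array form above removes the shell parsing step entirely.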