SYM_PHP_0032 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki

Improper Control of Generation of Code ('Code Injection')

| Property | Value |
| --- | --- |
| Language | php |
| Severity | high |
| CWE | CWE-94: Improper Control of Generation of Code ('Code Injection') |
| OWASP | A03:2021 - Injection |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | High |

Description

User-supplied data from request variables is passed directly to PHP functions that execute system commands without proper sanitization. This allows attackers to inject and run arbitrary commands on the server.
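The pattern described above next to a hardened form, as an added example that is not part of the wiki or the rule's own code. The `host` request parameter, the `nslookup` tool and the function names `validateHost` and `lookupHost` are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Flagged pattern (left as a comment so this file is safe to run): the request
// value is concatenated into a string that a shell then parses.
//   system('nslookup ' . $_GET['host']);

/** Accept only a syntactically valid hostname or IP literal; throw otherwise. */
function validateHost(string $host): string
{
    $isIp   = filter_var($host, FILTER_VALIDATE_IP) !== false;
    $isName = filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
    if (!$isIp && !$isName) {
        throw new InvalidArgumentException('host is not a valid hostname or IP address');
    }
    return $host;
}

/**
 * Hardened form: the validated value is passed as its own argv element. With an
 * array command (PHP 7.4+), proc_open() starts the program without a shell.
 */
function lookupHost(string $rawHost): string
{
    $argv = ['nslookup', validateHost($rawHost)]; // 'nslookup' is an assumed tool
    $proc = proc_open($argv, [1 => ['pipe', 'w']], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start nslookup');
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return (string) $out;
}

// Constructed sample inputs standing in for $_GET['host']. Only validation runs
// here, so the demo works offline and starts no process.
foreach (['example.com', '192.0.2.10', 'example.com; echo INJECTED', '-debug'] as $input) {
    try {
        validateHost($input);
        echo "accepted: {$input}\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: {$input}\n";
    }
}
```

Where a shell command string cannot be avoided, `escapeshellarg()` on each request-derived argument is the fallback, still combined with the allowlist check.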

Impact

If exploited, attackers could execute malicious commands, access or modify sensitive data, disrupt server operations, or gain full control over the affected system. This can lead to data breaches, service outages, and severe compromise of the application's integrity and security.