SYM_PY_0016 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
Description
User input from web requests is being passed directly to subprocess functions, allowing external data to control system commands. This makes it possible for attackers to inject malicious commands into your application.
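The flagged pattern next to a hardened form, as an added example that is not part of the wiki page or the rule itself. The function names, the stand-in `TOOL` child process and the hostname-shaped parameter are assumptions made for illustration.

```python
import re
import shlex
import subprocess
import sys

# Constructed stand-in for an external tool: prints its argument count and first argument.
TOOL = [sys.executable, "-c", "import sys; print(len(sys.argv) - 1, repr(sys.argv[1]))"]

# Allowlist for a hostname-like request parameter (assumed input type). The first
# character must be alphanumeric, so the value can never be read as an option.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def run_vulnerable(host: str) -> str:
    """Flagged pattern: request data concatenated into a string that a shell parses."""
    cmd = shlex.join(TOOL) + " " + host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def validate_host(host: str) -> str:
    """Reject anything outside the allowlist before it gets near a process call."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError("invalid host parameter")
    return host


def run_argv_only(value: str) -> str:
    """No shell: the value is exactly one argv element, whatever characters it holds."""
    result = subprocess.run(TOOL + [value], capture_output=True, text=True,
                            check=True, timeout=10)
    return result.stdout.strip()


def run_hardened(host: str) -> str:
    """Both layers together: allowlist validation, then an argument list with no shell."""
    return run_argv_only(validate_host(host))


if __name__ == "__main__":
    sample = "example.com; echo INJECTED"  # constructed input with a shell metacharacter
    print(run_argv_only(sample))           # arrives as one literal argument
    try:
        run_hardened(sample)
    except ValueError as exc:
        print("rejected:", exc)
```

Passing an argument list without `shell=True` keeps metacharacters inert, and the allowlist additionally stops values the target program itself might interpret, such as ones beginning with `-`.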
Impact
If exploited, an attacker could execute arbitrary system commands on your server, potentially leading to data theft, system compromise, or full server takeover. This can result in loss of sensitive information, service disruption, or further attacks within your infrastructure.