SYM_PY_0041 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
The code executes operating system commands built from dynamic or external input. If user-controlled data reaches the process-spawning functions, an attacker could inject and run arbitrary commands.
Impact
An attacker could execute unauthorized commands on the server, potentially leading to data theft, service disruption, or complete system compromise. This puts sensitive data, application integrity, and server resources at serious risk.
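The pattern from the Description, shown next to two safer forms. This is an added example, not code from the rule or the Symbiotic database. It assumes Python (inferred from the `PY` in the rule ID) and a POSIX host with `/bin/sh` and `echo`; the function names, the allow-list and the input are constructed for illustration.

```python
import re
import subprocess

# Constructed input: a "file name" that carries a shell metacharacter.
UNTRUSTED = "report.txt; echo INJECTED"

# Hypothetical allow-list for this example: plain file names only.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,64}")


def label_vulnerable(name: str) -> str:
    """Flagged pattern: input is interpolated into a string that /bin/sh parses."""
    proc = subprocess.run(f"echo label: {name}", shell=True,
                          capture_output=True, text=True, check=True)
    return proc.stdout


def label_argv(name: str) -> str:
    """No shell: the input is a single argv element, so ';' is just a character."""
    proc = subprocess.run(["echo", "label:", name],
                          capture_output=True, text=True, check=True)
    return proc.stdout


def label_hardened(name: str) -> str:
    """No shell, plus validation so the value cannot pose as an option either."""
    if not SAFE_NAME.fullmatch(name) or name.startswith("-"):
        raise ValueError(f"rejected name: {name!r}")
    return label_argv(name)


if __name__ == "__main__":
    print("shell=True :", repr(label_vulnerable(UNTRUSTED)))
    print("argv list  :", repr(label_argv(UNTRUSTED)))
    try:
        label_hardened(UNTRUSTED)
    except ValueError as exc:
        print("hardened   :", exc)
```

With `shell=True` the output contains a second line produced by the injected command; with an argument list the same input is echoed back verbatim as data.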