SYM_PY_0044 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
User-controlled input (like environment variables or command-line arguments) is being passed directly to subprocess functions without proper sanitization. This allows attackers to inject malicious commands into system calls.
Impact
If exploited, an attacker could execute arbitrary system commands on the server, potentially gaining unauthorized access, stealing data, or compromising the entire system. This puts sensitive information and core infrastructure at significant risk.