SYM_PY_0045 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
# Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| OWASP | A01:2017 - Injection |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
## Description

Using functions like `os.system()` or `os.popen()` to execute shell commands is dangerous when user input is included in the command string. These functions hand the string to the system shell, which interprets metacharacters (such as `;`, `|`, `&&` or `$(...)`) as command separators and substitutions, so untrusted input can terminate the intended command and append its own. This makes your code vulnerable to command injection attacks, where an attacker could run arbitrary system commands.
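The following is an added example, not code from the Symbiotic-Vulnerability-Database project, that places the vulnerable pattern beside a hardened form. The file-counting task, the `base_dir`/`filename` parameters and the allow-list regex are assumptions chosen for illustration; the mitigation it demonstrates is the standard one: allow-list the untrusted component, confine it to an expected location, and invoke `subprocess.run()` with an argument list so no shell ever parses the input.

```python
import os
import re
import subprocess
import tempfile
from pathlib import Path


def build_count_command_unsafe(filename: str) -> str:
    """Vulnerable pattern (kept as a string so nothing is executed).

    This is exactly what os.system()/os.popen() would pass to /bin/sh.
    Any shell metacharacter in `filename` is interpreted by the shell,
    so the user controls more than just the file operand.
    """
    return "wc -l " + filename


# Assumed allow-list: a plain file name, no path separators, no whitespace,
# no shell metacharacters. Anything else is rejected outright.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]+$")


def count_lines_safe(base_dir: str, filename: str) -> int:
    """Hardened form: validate, confine, and never go through the shell."""
    # 1. Allow-list the untrusted component instead of trying to escape it.
    if not _SAFE_NAME.fullmatch(filename):
        raise ValueError("rejected filename")

    # 2. Confine the resolved path to base_dir (also stops "." and "..").
    base = Path(base_dir).resolve()
    target = (base / filename).resolve()
    if target.parent != base:
        raise ValueError("path escapes base directory")

    # 3. Pass an argv list with shell=False (the default): the operand is a
    #    single argument, and "--" stops it from being read as an option.
    result = subprocess.run(
        ["wc", "-l", "--", str(target)],
        capture_output=True, text=True, check=True, timeout=10,
    )
    return int(result.stdout.split()[0])


def demo() -> dict:
    """Run both forms against constructed input and report what happened."""
    # Constructed sample: a three-line file in a throwaway directory.
    workdir = tempfile.mkdtemp()
    with open(os.path.join(workdir, "notes.txt"), "w") as fh:
        fh.write("a\nb\nc\n")

    # Constructed hostile input: a benign marker after a command separator.
    hostile = "notes.txt; echo INJECTED"

    try:
        count_lines_safe(workdir, hostile)
        rejected = False
    except ValueError:
        rejected = True

    return {
        "unsafe_command": build_count_command_unsafe(hostile),
        "safe_lines": count_lines_safe(workdir, "notes.txt"),
        "hostile_rejected": rejected,
    }


if __name__ == "__main__":
    print(demo())
```

The unsafe builder is never executed here; it only makes visible that the separator survives into the command string. In the hardened version the regex, the path check and the argv list are independent layers: even if the allow-list were loosened, `subprocess.run()` without `shell=True` would still deliver the input as one literal argument rather than as shell syntax.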
## Impact

If exploited, an attacker could execute malicious commands on the server with the same permissions as your application. This can lead to unauthorized access, data theft, system compromise, or complete takeover of the server.