SYM_PY_0208 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
OWASP | A03:2021 - Injection |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Low |
Description
The code uses user input from HTTP request data to dynamically look up or call global variables or functions via `globals()`. This lets an attacker control which code is executed, creating a serious security risk.
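The flagged pattern next to an allowlist-based fix, as an added example that is not taken from the rule's own documentation. The handler names, `ALLOWED_ACTIONS` and the request dictionaries are constructed for illustration, and a plain dict stands in for HTTP request parameters.

```python
# Added example: constructed handlers and request data, no web framework needed.

def export_csv():
    return "csv-report"

def export_json():
    return "json-report"

def rotate_signing_key():
    # Internal helper that was never meant to be reachable from a request.
    return "signing-key-rotated"

def dispatch_vulnerable(params):
    """Pattern flagged by the rule: request data selects the key into globals()."""
    handler = globals()[params["action"]]
    return handler()

# Hardened form: an explicit allowlist maps request values to callables.
ALLOWED_ACTIONS = {
    "csv": export_csv,
    "json": export_json,
}

def dispatch_safe(params):
    """Only keys of ALLOWED_ACTIONS can be invoked; anything else is rejected."""
    action = params.get("action")
    if not isinstance(action, str) or action not in ALLOWED_ACTIONS:
        raise ValueError("unsupported action")
    return ALLOWED_ACTIONS[action]()

if __name__ == "__main__":
    intended = {"action": "export_csv"}            # constructed request parameters
    unintended = {"action": "rotate_signing_key"}  # names a function the route never exposed
    print(dispatch_vulnerable(intended))
    print(dispatch_vulnerable(unintended))         # the internal helper runs anyway
    print(dispatch_safe({"action": "csv"}))
    try:
        dispatch_safe(unintended)
    except ValueError as exc:
        print("rejected:", exc)
```

The allowlist also decouples the values accepted from the request from the function names in the module, so renaming or adding a function never changes what a request can reach.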
Impact
If exploited, an attacker could execute arbitrary code on your server—potentially reading files, modifying data, or taking over the system. This could lead to full system compromise, data breaches, and loss of control over the application.