SYM_RB_0025 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Control of Generation of Code ('Code Injection')
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-94: Improper Control of Generation of Code ('Code Injection') |
OWASP | A03:2021 - Injection |
Confidence Level | Low |
Impact Level | High |
Likelihood Level | Low |
Description
The code uses the 'open' function with a dynamically constructed command, which may include untrusted input. This can allow attackers to inject and execute arbitrary commands if user data is passed in without proper validation.
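An added example, not part of the original rule page or the project's code, contrasting the flagged pattern with hardened alternatives. It assumes the rule targets Ruby's `Kernel#open` (the `RB` in the rule ID suggests Ruby; the page leaves Language blank); `BASE_DIR`, `read_report_unsafe`, `safe_path`, `read_report` and `count_lines` are hypothetical names, and the sample file is constructed.

```ruby
require "tmpdir"
require "open3"
require "rbconfig"

# Constructed sample data: a scratch directory holding one report file.
BASE_DIR = File.realpath(Dir.mktmpdir("reports"))
File.write(File.join(BASE_DIR, "q1.txt"), "line one\nline two\n")

# Flagged pattern, defined for contrast only and never called here. On Ruby
# versions that support pipe-open, Kernel#open runs the rest of a string that
# starts with "|" as a command, so the caller controls what executes.
def read_report_unsafe(name)
  open(name) { |f| f.read }
end

# Resolve a caller-supplied name and refuse anything outside BASE_DIR.
def safe_path(name)
  path = File.expand_path(name.to_s, BASE_DIR)
  unless path.start_with?(BASE_DIR + File::SEPARATOR)
    raise ArgumentError, "path escapes #{BASE_DIR}"
  end
  path
end

# Hardened read: File.open only opens files and never spawns a process.
def read_report(name)
  File.open(safe_path(name), "r") { |f| f.read }
end

# Hardened subprocess: each argv element is a separate string, so no shell
# parses the untrusted value. The child Ruby stands in for any external tool.
def count_lines(name)
  script = "print File.foreach(ARGV[0]).count"
  out, status = Open3.capture2(RbConfig.ruby, "-e", script, safe_path(name))
  raise "child process failed" unless status.success?
  out.to_i
end
```

With `read_report`, a name beginning with `|` is treated as an ordinary (nonexistent) file name and raises `Errno::ENOENT` instead of starting a process.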
Impact
If exploited, an attacker could execute arbitrary system commands on the server, potentially leading to data theft, data loss, or a complete system compromise. This could allow unauthorized access, modification, or destruction of critical application or system resources.