SYM_RB_0034 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Improper Control of Generation of Code ('Code Injection')
| Property | Value |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-94: Improper Control of Generation of Code ('Code Injection') |
| OWASP | A03:2021 - Injection |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
Description
Detected non-static command inside $EXEC. Audit the input to '$EXEC'. If unverified user data can reach this call site, this is a code injection vulnerability. A malicious actor can inject a malicious script to execute arbitrary code.