Command Injection via System Exec Functions
Description
The code uses system exec functions that can lead to command injection. This occurs when an application uses user input to construct a command or query, allowing an attacker to inject malicious input and execute arbitrary system commands.
Examples
Insecure Code
```php
// The raw query parameter is concatenated straight into the shell command string.
$output = shell_exec('ls ' . $_GET['dir']);
```
Secure Code
```php
// The user value is quoted as a single shell argument before it reaches the shell.
$dir = $_GET['dir'] ?? '';
$output = shell_exec('ls ' . escapeshellarg($dir));
```
Remediation
Use parameterized queries or prepared statements to separate code from user input. Validate and sanitize all user input to prevent malicious commands from being injected.
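The hardened forms of the shell_exec case above, as an added example that is not part of this rule page or of any tool's own code; the base directory, the function names and the constructed inputs are assumptions:

```php
<?php
// Added example, not code from the original rule page. Assumes a fixed base
// directory that users may list; the "dir" query parameter is untrusted.

// Resolve the user-supplied name against the base directory and reject
// anything that does not exist or escapes the base. Returns null on failure.
function resolveListingDir(string $baseDir, string $userDir): ?string
{
    $base = realpath($baseDir);
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $userDir);
    if ($base === false || $target === false) {
        return null;
    }
    if ($target !== $base && strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null; // resolved outside the allowed base
    }
    return $target;
}

// Hardened form of the page's example: validate first, then quote with
// escapeshellarg(); "--" keeps ls from reading the value as an option.
function listDirViaShell(string $baseDir, string $userDir): ?string
{
    $dir = resolveListingDir($baseDir, $userDir);
    if ($dir === null) {
        return null;
    }
    return shell_exec('ls -- ' . escapeshellarg($dir));
}

// Preferred fix: no shell at all. scandir() receives the path as data, so
// shell metacharacters in the input carry no meaning.
function listDirWithoutShell(string $baseDir, string $userDir): ?array
{
    $dir = resolveListingDir($baseDir, $userDir);
    if ($dir === null) {
        return null;
    }
    $entries = scandir($dir);
    return $entries === false ? null : array_values(array_diff($entries, ['.', '..']));
}

// Constructed inputs: a benign name, one with shell metacharacters, one that climbs out.
$base = sys_get_temp_dir();
var_dump(listDirWithoutShell($base, '.') !== null);
var_dump(listDirWithoutShell($base, '.; echo injected'));
var_dump(listDirWithoutShell($base, '..'));
var_dump(escapeshellarg('.; echo injected'));
```

The last line shows what escapeshellarg() actually does: it wraps the whole value in single quotes so the shell treats it as one literal argument, while the two rejected lookups show why validation against a fixed base directory is still needed on top of quoting.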
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0749 |
| Category | Injection |
| Severity | CRITICAL |
| CWE | CWE-94 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | command injection, code injection |
| OWASP | A1:2017-Injection, A03:2021-Injection |