Home / Vulnerability Database / PHP : Command injection
PHP
PHP : Command injection
Classification
OWASP Top 10 2013
OWASP Top 10 2017
OWASP Top 10 2021
OWASP ASVS
PCI DSS 4.0
CWE/SANS Top 25 2011
Overview
Executing commands obtained from data from an untrusted source is insecure.
Running commands without setting precise absolute path allow an attacker to execute malicious code, changing the value of $PATH or other environment parameters.
Vulnerabilities such as command injection are divided into two categories:
- The attacker modifies the command itself;
- The attacker replaces the value of environment variables, implicitly changing the semantics of the command being executed.
In the given case, the application is prone to a first type of vulnerability.
Possible attack scenario:
- The application receives input data from an untrusted source, for example, data is entered by the user.
- The data obtained is used as a part of the line that defines the command.
- The command execution gives the attacker the rights that he did not previously possess.
References
- OWASP Top 10 2017-A1-Injection
- OWASP Top 10 2013-A1-Injection
- OWASP: Command Injection
- CWE-73: External Control of File Name or Path
- CWE-77: Improper Neutralization of Special Elements used in a Command (‘Command Injection’)
- CWE-78: Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
- CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection
MEDIUM
DerScanner Severity Score
Do you want to fix PHP : Command injection in your application?
See also
PHP
PHP : Null salt
PHP
PHP : Empty password
PHP