The application uses the open function with two arguments, which is unsafe.

There are several forms of the open function:

open FILEHANDLE,EXPR
open FILEHANDLE,MODE,EXPR
open FILEHANDLE,MODE,EXPR,LIST
open FILEHANDLE,MODE,REFERENCE
open FILEHANDLE

The MODE argument is responsible for the mode in which the file will be opened (for input or output). It can also be used to indicate that instead of opening a file, the system must execute the command shell and treat it as an input or output file.

When using the open function with two arguments, you need to pass the mode in which you want to view the file with the name of the file you want or the corresponding command shell as EXPR. This function form is much more prone to errors and may lead to command injection if the user can influence the variable responsible for the file name.

Perl : Executing the sudo command inside the application

DerScanner Severity Score

Do you want to fix Perl : Executing the sudo command inside the application in your application?

See also