
Perl : Two-argument open function usage

Overview

The application uses the open function with two arguments, which is unsafe.

There are several forms of the open function:

  • open FILEHANDLE,EXPR
  • open FILEHANDLE,MODE,EXPR
  • open FILEHANDLE,MODE,EXPR,LIST
  • open FILEHANDLE,MODE,REFERENCE
  • open FILEHANDLE

The MODE argument specifies how the file is opened (for input or for output). It can also indicate that, instead of opening a file, Perl should run a shell command and treat it as the input or output file.

In the two-argument form, the mode and the file name (or the shell command) are passed together in the single EXPR argument. This form is much more error-prone and may lead to command injection if a user can influence the variable that holds the file name.
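
The two-argument form beside the three-argument form, as an added example that is not part of the original entry. The helper names and the sample input are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper using the unsafe two-argument form.
# Perl parses mode characters (<, >, >>, |) out of $name itself and
# strips leading/trailing whitespace, so the caller's data picks the mode.
sub first_line_unsafe {
    my ($name) = @_;
    open(my $fh, $name) or return "open failed: $!";
    my $line = <$fh>;
    close($fh);
    chomp $line if defined $line;
    return $line // '';
}

# Hardened helper using the three-argument form.
# MODE is a fixed literal, so $name is only ever treated as a path.
sub first_line_safe {
    my ($name) = @_;
    open(my $fh, '<', $name) or return "open failed: $!";
    my $line = <$fh>;
    close($fh);
    chomp $line if defined $line;
    return $line // '';
}

# Constructed input: a "file name" that ends in a pipe character.
my $input = 'echo INJECTED |';

# Two-argument open treats the trailing pipe as "run this command and
# read its output"; three-argument open looks for a file with that
# literal name and fails.
print "two-arg:   ", first_line_unsafe($input), "\n";
print "three-arg: ", first_line_safe($input),   "\n";
```

The fix is to pass MODE as its own literal argument everywhere a file name can come from outside the program.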

DerScanner Severity Score: MEDIUM

