A system command was successfully executed on your application's system. Command injection happens when a user executes arbitrary commands on the host's operating system by abusing a vulnerable endpoint.
To prevent command injection attacks:
- Never use user-submitted input in shell commands.
- If supported by your language, add semgrep to your development process to ensure detection of potentially vulnerable system shell calls.
- Use proper input validation techniques to detect and prevent command injection. Keep in mind that input validation should be implemented in the backend, as it is easily bypassed if done in the frontend.
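
The first and third recommendations side by side, as an added example that is not part of the original page or the scanner's own code: a handler that interpolates request input into a shell string, and a hardened version that validates on the backend and passes the value as a single argv element without a shell. The function names and the sample payload are constructed, and `echo` stands in for whatever system tool a real endpoint would call.

```python
import ipaddress
import re
import subprocess

# Allowlist for DNS hostnames: letters, digits, hyphens and dots only, so no
# shell metacharacters and no leading "-" that a tool could read as an option.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"(?=.{{1,253}}\Z){LABEL}(?:\.{LABEL})*")


def validate_host(value: str) -> str:
    """Server-side validation: accept an IP literal or a hostname, nothing else."""
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass
    if not HOSTNAME_RE.fullmatch(value):
        raise ValueError("host rejected by allowlist")
    return value


def lookup_unsafe(host: str) -> str:
    """Vulnerable: request input is pasted into a string that /bin/sh parses."""
    cmd = f"echo lookup {host}"  # echo is a stand-in for the real tool
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_safe(host: str) -> str:
    """Hardened: validated input, passed as one argv element, no shell involved."""
    argv = ["echo", "lookup", validate_host(host)]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    payload = "example.com; echo INJECTED"  # constructed sample input
    print(repr(lookup_unsafe(payload)))     # the second command runs
    print(repr(lookup_safe("example.com")))
    try:
        lookup_safe(payload)
    except ValueError as exc:
        print("rejected:", exc)
```
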
- skip_objects: List of objects to be skipped by the security test.
Ignoring this check
Check with all default options
- Escape Severity: HIGH
- OWASP: A08:2019
- PCI DSS: 6.5.1
- WASC: 31
- CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:F/RC:R
- CVSS_SCORE: 8.5