Command Injection


The application is vulnerable to command injection attacks. The application uses user-supplied data to construct commands for the backend operating system. An attacker can submit input that changes the structure of those command statements and effectively bypasses application logic. Once the attacker controls the application’s operating system command syntax, they can send commands directly to the operating system with the same privileges as the application.
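The pattern described above, shown beside a hardened form. This is an added example, not code from the original page; the `echo lookup` command, the function names and the sample input are constructed for illustration, and a POSIX system is assumed.

```python
import re
import subprocess

# Allowlist for the expected input shape (a hostname); no leading '-' so the
# value can never be read as an option by the target program.
HOSTNAME_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?:\.[A-Za-z0-9-]{1,63})*")


def lookup_vulnerable(host: str) -> str:
    """Vulnerable pattern: user data concatenated into a shell command string."""
    # /bin/sh parses the whole string, so metacharacters in `host` become syntax.
    result = subprocess.run("echo lookup " + host, shell=True,
                            capture_output=True, text=True)
    return result.stdout


def run_without_shell(host: str) -> str:
    """Argument vector, no shell: `host` reaches the program as one argv entry."""
    result = subprocess.run(["echo", "lookup", host],
                            capture_output=True, text=True, check=True)
    return result.stdout


def lookup_hardened(host: str) -> str:
    """Validate against the allowlist, then execute without a shell."""
    # fullmatch, not match with '$': '$' would accept a trailing newline.
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError("rejected input: not a valid hostname")
    return run_without_shell(host)


if __name__ == "__main__":
    crafted = "example.com; echo INJECTED"   # constructed sample input
    print(repr(lookup_vulnerable(crafted)))  # two commands ran
    print(repr(run_without_shell(crafted)))  # one command, input kept as data
    try:
        lookup_hardened(crafted)
    except ValueError as exc:
        print(exc)
    print(repr(lookup_hardened("example.com")))
```

Dropping the shell keeps the input from changing the command's structure; the allowlist additionally keeps unexpected values away from the called program altogether.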

Custom Description


Risk Rating


How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas


