Operating System Command Injection

High Web Application Scanning Plugin ID 98123


Operating System Command Injection


OS command injection occurs when user supplied input is used to form a command to be executed by the operating system.
Scanner was able to inject specific Operating System commands and have the output from that command contained within the server response. This indicates that input is not being sanitized properly.


It is recommended that untrusted data is never used to form a command to be executed by the OS.
To validate data, the application should ensure that the supplied value contains only the characters that are required to perform the required action.

See Also


Plugin Details

Severity: High

ID: 98123

File Name: was_os_cmd_injection.nasl

Type: remote

Published: 2017/03/31

Modified: 2017/10/16

Risk Information

Risk Factor: High

Reference Information