Code execution

Description

This script is possibly vulnerable to code execution attacks.

Code injection vulnerabilities occur where the output or content served from a Web application can be manipulated in such a way that it triggers server-side code execution. In some poorly written Web applications that allow users to modify server-side files (such as by posting to a message board or guestbook), it is sometimes possible to inject code in the scripting language of the application itself.


Impact
A malicious user may execute arbitrary system commands with the permissions of the web server.

Recommendation
Your script should filter metacharacters from user input.
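
The guestbook pattern from the description and the filtering recommended above, as an added Python example (not code from the scanner or from any scanned application). The storage functions, the `executed` marker list and the sample posts are constructed for illustration.

```python
import json
import re

# Constructed guestbook submissions. The second one carries quote, parenthesis
# and semicolon metacharacters that close the string literal it is written into.
SAMPLE_POSTS = ["Nice site!", 'x"); executed.append("marker']

def store_vulnerable(posts):
    """Before: each post is written into a server-side file as source code."""
    return "".join('entries.append("%s")\n' % p for p in posts)

def load_vulnerable(source):
    """The stored file is executed, so whatever a post contained runs as code."""
    scope = {"entries": [], "executed": []}
    exec(source, scope)
    return scope["entries"], scope["executed"]

# Allowlist filter: keep letters, digits, spaces and a little punctuation,
# drop everything else (quotes, brackets, semicolons, backslashes, newlines).
_DISALLOWED = re.compile(r"[^A-Za-z0-9 .,!?-]")

def filter_metacharacters(text):
    """After (the recommendation): strip metacharacters from user input."""
    return _DISALLOWED.sub("", text)

def store_safe(posts):
    """After (defence in depth): keep posts as data, never as executable source."""
    return json.dumps(posts)

def load_safe(blob):
    """json.loads only parses; no part of a post is evaluated."""
    return json.loads(blob)

if __name__ == "__main__":
    entries, executed = load_vulnerable(store_vulnerable(SAMPLE_POSTS))
    print("unfiltered:", entries, "injected statements run:", executed)

    cleaned = [filter_metacharacters(p) for p in SAMPLE_POSTS]
    entries, executed = load_vulnerable(store_vulnerable(cleaned))
    print("filtered:  ", entries, "injected statements run:", executed)

    print("as data:   ", load_safe(store_safe(SAMPLE_POSTS)))
```

The filter is an allowlist, so any character that is not explicitly permitted is dropped rather than matched against a list of known-bad ones.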
