Description
This page is vulnerable to Argument Injection. A web application is vulnerable to argument injection when untrusted inputs are passed as arguments when executing a specific command. An attacker can manipulate the arguments passed to the process to trigger an OS command injection.
Remediation
Assume all input is malicious. Use a whitelist of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
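The allowlist check described above, shown beside the unvalidated form. This is an added example, not code from this page or from any product it names; `report-tool`, its `--config` option, the file name format and the sample values are assumptions made for illustration, and `argparse` stands in for the external command's own option parsing. The hardened form also adds the conventional `--` end-of-options marker, which goes slightly beyond the remediation text.

```python
import argparse
import re

# Assumed specification: a file name of 1-64 characters that starts with a
# letter or digit, so an accepted value can never begin with "-".
ALLOWED_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")

DEFAULT_CONFIG = "/etc/report-tool.conf"


def tool_view(args):
    """Stand-in for how the hypothetical `report-tool` reads its arguments."""
    parser = argparse.ArgumentParser(prog="report-tool")
    parser.add_argument("--config", default=DEFAULT_CONFIG)
    parser.add_argument("names", nargs="*")
    return parser.parse_args(args)


def unsafe_args(user_value):
    """Before: the request parameter is placed in the argument list as is."""
    return [user_value]


def safe_args(user_value):
    """After: reject anything outside the allowlist, then mark end of options."""
    if not isinstance(user_value, str) or not ALLOWED_NAME.fullmatch(user_value):
        raise ValueError("input does not conform to the expected file name format")
    return ["--", user_value]


if __name__ == "__main__":
    crafted = "--config=/tmp/constructed.conf"  # constructed sample input
    print("unsafe:", tool_view(unsafe_args(crafted)))
    try:
        safe_args(crafted)
    except ValueError as exc:
        print("rejected:", exc)
    print("safe:", tool_view(safe_args("q3-report.pdf")))
```

When the real command is executed, pass the resulting list to the process API as separate arguments (for example `subprocess.run([...], shell=False)`) rather than joining it into a shell string.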
Related Vulnerabilities
WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Remote Code Execution (5.0.0)
vBulletin Pre-Auth RCE Vulnerability
WordPress Plugin NextGEN Gallery-WordPress Gallery Remote Code Execution (2.1.59)
BigIP iRule Tcl code injection
Apache Struts 2 ClassLoader manipulation and denial of service (S2-020)