Description

This script is possibly vulnerable to Cmd hijack attacks.

Cmd hijack is a command/argument confusion in cmd.exe that allows an attacker to launch arbitrary Windows system executables. The issue appears when an attacker is using path traversal sequences to hijack the original command that should be executed. It only affects Windows systems.

For example, the following command: 

cmd.exe /c "ping 127.0.0.1/../../../../../../../../../../windows/system32/calc.exe"
will launch calc.exe instead of ping.exe.

Remediation

Your script should filter metacharacters from user input. PHP web applications should use escapeshellarg() instead of escapeshellcmd().

References

Cmd Hijack

Related Vulnerabilities

Ruby on Rails weak/known secret token

Ingress-Nginx "IngressNightmare" RCE (CVE-2025-1974)

WordPress Plugin Master Popups Remote Code Execution (1.0.0)

Check for apache versions up to 1.3.25, 2.0.38

Telerik Web UI Unrestricted File Upload (CVE-2014-2217)

Severity

High

Classification

CWE-94 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Code Execution