Description
This script is possibly vulnerable to Cmd hijack attacks.
Cmd hijack is a command/argument confusion in cmd.exe that allows an attacker to launch arbitrary Windows system executables. The issue appears when an attacker uses path traversal sequences to hijack the original command that should be executed. It only affects Windows systems.
For example, the following command:
cmd.exe /c "ping 127.0.0.1/../../../../../../../../../../windows/system32/calc.exe"
will launch calc.exe instead of ping.exe.
Remediation
Your script should filter metacharacters from user input. PHP web applications should use escapeshellarg() instead of escapeshellcmd().
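One way to apply this remediation in a PHP script that pings a user-supplied host, shown as an added example rather than code from the original page: the value is checked against an allowlist (IP literal or plain DNS name) and rejected otherwise, then quoted with escapeshellarg(). The helper names is_safe_host() and build_ping_command() and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: allowlist validation of a host value before it reaches cmd.exe.
// is_safe_host() and build_ping_command() are hypothetical helper names.

function is_safe_host(string $host): bool
{
    // Accept IPv4/IPv6 literals as they are.
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return true;
    }
    // Otherwise require a plain DNS name: labels of letters, digits and
    // hyphens separated by single dots. This excludes '/', '\', '..',
    // quotes, spaces and shell metacharacters, so a traversal suffix
    // cannot be appended to the argument.
    if (strlen($host) > 253) {
        return false;
    }
    return preg_match(
        '/^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$/D',
        $host
    ) === 1;
}

function build_ping_command(string $host): ?string
{
    if (!is_safe_host($host)) {
        return null; // reject the request instead of trying to repair the input
    }
    // escapeshellarg() quotes the validated value as a single argument,
    // as the remediation text recommends.
    return 'ping -n 1 ' . escapeshellarg($host);
}

// Constructed sample inputs; the second is the traversal string from the description.
$samples = [
    '127.0.0.1',
    '127.0.0.1/../../../../../../../../../../windows/system32/calc.exe',
    'example.com',
    '..',
];

foreach ($samples as $input) {
    $cmd = build_ping_command($input);
    echo $input, ' => ', $cmd === null ? 'REJECTED' : $cmd, PHP_EOL;
}
```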