Description
This script is vulnerable to Python code injection. The user input appears to be placed into a dynamically evaluated Python code statement, allowing an attacker to execute arbitrary Python code.
Remediation
Avoid creating Python code by concatenating code with user input. Avoid using the Python eval function.
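The pattern described above next to two ways of remediating it, as an added example that is not part of the original advisory. The function names, the price calculation, the CANARY marker and the sample inputs are constructed for illustration.

```python
import ast
import operator

CANARY = []  # constructed marker: any entry here means injected code ran


def price_vulnerable(quantity: str) -> object:
    # Vulnerable pattern: user input is concatenated into source text
    # and evaluated, so any expression in `quantity` is executed.
    return eval("10 * " + quantity)


def price_hardened(quantity: str) -> int:
    # Simplest fix when a plain number is expected: convert, never evaluate.
    return 10 * int(quantity)


# Operators the restricted evaluator will apply. Exponentiation is left
# out on purpose so a short input cannot force a huge computation.
_BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
            ast.Mult: operator.mul, ast.Div: operator.truediv}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}


def _eval_node(node: ast.AST):
    # Walk the parsed tree; accept only numeric literals and arithmetic.
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        return _BIN_OPS[type(node.op)](_eval_node(node.left),
                                       _eval_node(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
        return _UNARY_OPS[type(node.op)](_eval_node(node.operand))
    raise ValueError(f"disallowed expression element: {type(node).__name__}")


def safe_arithmetic(expression: str, max_len: int = 100):
    # For cases where users really must supply a formula: the input is
    # parsed into a syntax tree and treated as data, never compiled or run.
    if len(expression) > max_len:
        raise ValueError("expression too long")
    try:
        tree = ast.parse(expression, mode="eval")
    except SyntaxError as exc:
        raise ValueError("not a valid arithmetic expression") from exc
    return _eval_node(tree.body)
```

Names, calls, attribute access and every other node type fall through to the final `raise`, so the evaluator rejects anything it was not explicitly written to allow.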
Related Vulnerabilities
Apache Struts Remote Code Execution (S2-057)
PAN-OS Management Interface Authentication Bypass (CVE-2025-0108)
WordPress Plugin WooCommerce Remote Code Execution (4.0.1)
Cacti Unauthenticated Command Injection (CVE-2022-46169)
Unauthenticated Remote Code Execution via JSONWS in Liferay 6.1 (LPS-88051)