Description

This script is vulnerable to Python code injection. The user input appears to be placed into a dynamically evaluated Python code statement, allowing an attacker to execute arbitrary Python code.

Remediation

Avoid creating Python code by concatenating code with user input. Avoid use of the Python eval command.

References

Exploiting Python Code Injection in Web Applications

Related Vulnerabilities

Apache Struts Remote Code Execution (S2-057)

PAN-OS Management Interface Authentication Bypass (CVE-2025-0108)

WordPress Plugin WooCommerce Remote Code Execution (4.0.1)

Cacti Unauthenticated Command Injection (CVE-2022-46169)

Unauthenticated Remote Code Execution via JSONWS in Liferay 6.1 (LPS-88051)

Severity

Critical

Classification

CWE-95 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Acumonitor