Information High Vega has detected a possible command injection vulnerability. Attackers may be able to run commands on the server. Exploitation may lead to unauthorized remote access. The bash shell should be upgraded on the affected host. This can often be done through the package management system, such as apt or yum. Developers should examine the code corresponding to the page in detail to determine if the vulnerability exists. Execution of system commands through a command interpreter, such as with system(), should be avoided. If absolutely necessary, the developer should take extra care with validating the input before it is passed to the interpreter. The issue Vega identified is due to a vulnerability in the Bash shell. This vulnerability may manifest itself remotely in web applications if user-supplied input is passed to the Bash shell environment, which can occur if header or parameter values are converted to local environment variables. If successfully exploited, this vulnerability may lead to command execution on the underlying host. Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271, CVE-2014-7169) (Red Hat) CVE-2014-6271 CVE-2014-6278 CVE-2014-7169 Command Injection (OWASP) Reviewing Code for OS Injection (OWASP) Shell Injection (Wikipedia)