Information High Vega has detected a possible command injection vulnerability. Attackers may be able to run commands on the server. Exploitation may lead to unauthorized remote access. Developers should examine the code corresponding to the page in detail to determine if the vulnerability exists. Execution of system commands through a command interpreter, such as with system(), should be avoided. If absolutely necessary, the developer should take extra care with validating the input before it is passed to the interpreter. Command injection vulnerabilities often occur when inadequately sanitized externally supplied data is as part of a system command executed through a command interpreter, or shell. Vulnerabilities such as these can be exploited by using shell metacharacters to run additional commands that were not intended to be executed by the application developer. The system() function, and derivatives, are often responsible, as these functions are very simple to use. These vulnerabilities can grant remote access to attackers, if exploited successfully. Command Injection (OWASP) Reviewing Code for OS Injection (OWASP) Shell Injection (Wikipedia)