exec() can be vulnerable to arbitrary command execution

    } else {
        $command = config('commands.pdflatex') . " " . "-interaction=nonstopmode -output-dir " . $outputDir . " " . $path . " 2>&1";
        Log::info($command);
        $result = exec($command);
        Log::info($result);
    }
    return $result;
exec() can be vulnerable to arbitrary command execution

    } else {
        // This happens too often to log.
        $command = config('commands.ping') . " " . $router->ip . " -c 1 | grep 'error\|unreachable'";
        $result = exec($command);
    }
    return $result;
}
exec() can be vulnerable to arbitrary command execution

    if (self::isDebugMode()) {
        $result = rand(1, 10);
    } else {
        $result = exec($command);
    }
    Log::info([$command, $result]);
    return $result;
exec() can be vulnerable to arbitrary command execution

        // cancel(1) exits with status code 0 if it succeeds
        $result = ['output' => '', 'exit_code' => 0];
    } else {
        $output = exec($command, $result, $exit_code);
        $result = ['output' => $output, 'exit_code' => $exit_code];
    }
    Log::info([$command, $result]);
exec() can be vulnerable to arbitrary command execution

        $job_id = 0;
        $result = "request id is " . config('print.printer_name') . "-" . $job_id . " (1 file(s))";
    } else {
        $result = exec($command);
    }
    Log::info([$command, $result]);
    return $result;
Using exec(), passthru(), shell_exec() or system() to execute a command can make the application vulnerable to arbitrary command execution if user-supplied data is not escaped or sanitized properly before being passed to them.
Functions such as escapeshellarg() and escapeshellcmd() exist to escape the command and its shell arguments, but their behaviour is not consistent across operating systems, so relying on them is discouraged.
It is recommended to use a secure library such as Symfony's Process component to execute the command in a sub-process; it takes care of escaping the arguments regardless of the operating system, which prevents these security issues.
    // Vulnerable: user input is interpolated into a shell command line.
    $output = null;
    $resultCode = null;
    $command = "ls -lsa {$_POST['path']}"; // $_POST['path'] reaches the shell unescaped
    exec($command, $output, $resultCode);

    // Fixed: each argument is a separate array element, so no shell parses the input.
    use Symfony\Component\Process\Exception\ProcessFailedException;
    use Symfony\Component\Process\Process;

    $process = new Process(['ls', '-lsa', $_POST['path']]);
    $process->run();

    if (!$process->isSuccessful()) {
        throw new ProcessFailedException($process);
    }

    echo $process->getOutput();
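As an added example (not code from the scanned project or from Symfony), the pdflatex finding above rewritten with the Process component: the user-controlled path is allow-listed, passed as one argv element so no shell ever parses it, and stderr is captured without the "2>&1" redirection. It assumes symfony/process is installed via Composer and that the pdflatex binary path and a base directory are supplied by the caller; the function and its parameters are hypothetical.

```php
<?php
// Added example: the pdflatex finding rewritten so that $userPath never reaches /bin/sh.
// Assumes symfony/process is installed via Composer (vendor/autoload.php present).
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\Process\Exception\ProcessFailedException;
use Symfony\Component\Process\Process;

/**
 * Compile a .tex file with pdflatex without invoking a shell.
 * $baseDir (assumed) is the only directory users may compile from.
 */
function compileTex(string $pdflatex, string $baseDir, string $userPath, string $outputDir): string
{
    // Allow-list the input: it must resolve to a real file inside $baseDir and end in .tex.
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $userPath);
    if ($base === false || $real === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || substr($real, -4) !== '.tex') {
        throw new InvalidArgumentException('refusing to compile a path outside the base directory');
    }

    // Each array element is one argv entry: any metacharacters in $real are handed
    // to pdflatex literally, because there is no shell to interpret ";" or "|".
    $process = new Process([
        $pdflatex, '-interaction=nonstopmode', '-output-dir', $outputDir, $real,
    ]);
    $process->setTimeout(60); // a runaway TeX job cannot hang the worker indefinitely
    $process->mustRun();      // throws ProcessFailedException on a non-zero exit code

    // stdout and stderr are captured separately, so the "2>&1" redirection is unnecessary.
    return $process->getOutput() . $process->getErrorOutput();
}

// Constructed input: a filename carrying a shell metacharacter. It is treated as a
// literal path, fails the allow-list and is rejected before any process is started.
try {
    echo compileTex('/usr/bin/pdflatex', '/srv/tex', 'doc.tex; extra', '/srv/tex/out');
} catch (InvalidArgumentException | ProcessFailedException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```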