Test case 163004

Type: source code
State: bad
Author: Bertrand Stivalet and Aurelien Delaitre
Status: candidate
Language: PHP
Submission Date: 20 Oct 2015

Description

Unsafe sample
input : reads the field UserData from the variable $_GET
Flushes content of $sanitized if the filter email_filter is not applied
construction : concatenation with simple quote

Flaws

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Test Suites

PHP Vulnerability Test Suite

Have any comments on this test case? Please, send us an email.