Package illustrating a test case

Test case 183664

Type: source code
State: bad
Author: Bertrand Stivalet and Aurelien Delaitre
Status: candidate
Language: PHP
Submission Date: 20 Oct 2015

Description

Unsafe sample
input : get the $_GET['userData'] in an array
sanitize : none
construction : use of sprintf via a %s with simple quote

Flaws

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Test Suites

PHP Vulnerability Test Suite

Have any comments on this test case? Please, send us an email.