National Institute of Standards and Technology
Package illustrating a test case

Test case 2028

Description

A software system that accepts and executes input in the form of operating system commands (e.g. system(), exec(), open()) could allow an attacker with lesser privileges than the target software to execute commands with the elevated privileges of the executing process.

Flaws

Test Suites

Have any comments on this test case? Please, send us an email.