Command_Injection issue exists @ website/pictures/conflictview.php in branch master
The application's <?php method calls an OS (shell) command with passthru, at line 1 of website\pictures\conflictview.php, using an untrusted string with the command to execute.
This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack.
The attacker may be able to inject the executed command via user input, _GET, which is retrieved by the application in the <?php method, at line 1 of website\pictures\conflictview.php.
Command_Injection issue exists @ website/pictures/conflictview.php in branch master
The application's <?php method calls an OS (shell) command with passthru, at line 1 of website\pictures\conflictview.php, using an untrusted string with the command to execute. This could allow an attacker to inject an arbitrary command, and enable a Command Injection attack. The attacker may be able to inject the executed command via user input, _GET, which is retrieved by the application in the <?php method, at line 1 of website\pictures\conflictview.php.
Severity: High
CWE:77
Vulnerability details and guidance
Checkmarx
Lines: 18
Code (Line #18):