TaintedShell
User-controlled input reaches a shell execution sink without escaping, creating a command injection risk.
Example
<?php
system('convert ' . $_POST['file']); // injection risk

How to fix

Use escapeshellarg() on any user-supplied values before passing them to shell functions.

<?php
system('convert ' . escapeshellarg($_POST['file']));
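The following script is an added example and not part of the rule's own documentation. It places the vulnerable pattern beside two defensive variants: the escapeshellarg() fix the rule recommends, and a stricter form that validates the value against an allowlist and then bypasses the shell entirely via proc_open() with an array command (PHP 7.4 and later). The request parameter name "file", the upload and output directories, and the sample value are assumptions constructed for the demonstration.

```php
<?php
// Added example (not the rule's own code): three ways of handling the same
// user-supplied filename before it reaches a shell sink.
// Assumes a request parameter named "file" and the `convert` CLI on PATH.

declare(strict_types=1);

// 1. Vulnerable: the raw parameter is concatenated into a shell string.
//    This function only builds the string; it is never executed here.
function convertUnsafe(string $userFile): string
{
    return 'convert ' . $userFile . ' out.png'; // TaintedShell: injection risk
}

// 2. Fixed: escapeshellarg() wraps the value in single quotes and escapes any
//    embedded quotes, so the shell treats it as exactly one literal argument.
function convertEscaped(string $userFile): string
{
    return 'convert ' . escapeshellarg($userFile) . ' out.png';
}

// 3. Stricter: validate first (allowlist of characters, no path separators),
//    then avoid the shell. Since PHP 7.4, proc_open() accepts the command as
//    an array and executes it directly, so no shell parsing takes place.
function convertNoShell(string $userFile): ?string
{
    // Accept only a plain basename of safe characters with an image extension.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.(png|jpe?g)\z/', $userFile)) {
        return null; // reject rather than attempt to sanitise
    }
    $inputDir  = '/var/app/uploads'; // assumed upload directory
    $outputDir = '/var/app/out';     // assumed output directory
    $cmd = ['convert', $inputDir . '/' . $userFile, $outputDir . '/' . $userFile . '.png'];

    $descriptors = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $descriptors, $pipes);
    if (!is_resource($proc)) {
        return null;
    }
    $stdout = stream_get_contents($pipes[1]);
    stream_get_contents($pipes[2]); // drain stderr so the child cannot block
    fclose($pipes[1]);
    fclose($pipes[2]);
    $exit = proc_close($proc);
    return $exit === 0 ? $stdout : null;
}

// Demonstration with a constructed value containing a shell separator.
// Approach 1 would hand the separator to the shell; approach 2 quotes it so the
// shell sees one argument; approach 3 rejects the value outright.
$sample = $_POST['file'] ?? 'photo.jpg; extra'; // constructed sample when not posted
echo convertUnsafe($sample), PHP_EOL;
echo convertEscaped($sample), PHP_EOL;
var_dump(convertNoShell($sample) === null); // bool(true): rejected by the allowlist
```

Prefer escapeshellarg() over escapeshellcmd() when quoting a single value: escapeshellcmd() escapes the characters the shell interprets as command separators but leaves whitespace intact, so a value can still be split into additional arguments for the invoked program. Where possible, combine argument quoting with input validation and an array-style proc_open() call so that no shell is involved at all.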