The 2024 CWE Top 25: Understanding and Mitigating CWE-78 – OS Command Injection
OS Command Injection occurs when an application dynamically constructs operating system (OS) commands using untrusted inputs, enabling an attacker to execute arbitrary commands on the host system. These commands often run with the same privileges as the application, amplifying the potential impact.