- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
ID: php-security/avoid-backticks
Language: PHP
Severity: Error
Category: Security
CWE: 94
When you execute shell commands with user-defined inputs in PHP, it leaves your application open to shell injection attacks. In these attacks, a malicious user can manipulate the input to execute arbitrary shell commands, which can lead to unauthorized access, data leakage, or even system compromise.
To ensure the safety of your application, it’s important to avoid using user-defined input directly in shell commands. Instead, use built-in PHP functions that can perform the required task without the need for executing shell commands. If there’s a need to use shell commands, make sure to sanitize and validate the user input thoroughly before using it.
<?php
echo `ping -n 3 {$user_input}`;
<?php
echo `ping -n 3 domain.tld`;
|
|
For more information, please read the Code Analysis documentation
Identify code vulnerabilities directly in yourVS Code editor
Identify code vulnerabilities directly inJetBrains products