1.2.1091. Shell commands¶
Shell commands, called from PHP.
Shell commands are detected with the italic quotes, and using shell_exec(), system(), exec() and proc_open().
<?php
// Shell command in a shell_exec() call
shell_exec('ls -1');
// Shell command with backtick operator
`ls -1 $path`;
?>
See also Execution operator, shell_exec and exec.
1.2.1091.1. Specs¶
Short name |
Type/Shellcommands |
Rulesets |
|
Exakat since |
1.9.9 |
PHP Version |
All |
Severity |
|
Time To Fix |
|
Precision |
Very high |
Features |
system-call |
Available in |