Remote Command Execution

Remote Command Execution (RCE) is a critical vulnerability in which an adversary can run arbitrary operating-system commands on a target host over the network. In applications it usually arises when untrusted input reaches a shell or process-spawning API without adequate validation (command or argument injection), from insecure deserialisation, or from misconfiguration. A successful exploit yields command execution with the privileges of the application process, which can lead to full system compromise, data theft, and lateral movement within the network.

Remediation

  • Validate user input against a strict allow-list (for example, a hostname or filename pattern) and reject anything else. Prefer process-spawning APIs that take the program and its arguments as separate values over building a shell command string, so that shell metacharacters (;, |, &&, $( ), backticks) are never interpreted.
  • Guard against argument injection as well: even without a shell, a value that begins with a hyphen can be parsed as an option by the target program. Reject leading hyphens, or place untrusted values only in positions the program treats as data.
  • Run the application with the least privilege it needs (dedicated service account, restricted filesystem and network access, containers or sandboxes) so that a successful exploit cannot escalate to the whole host.

Metadata

  • Severity: critical
  • Slug: remote-command-execution

CWEs

  • 88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

OWASP

  • A03:2021: Injection

Available Labs

Open TypeScript labs in SecDim Play for this vulnerability.

Play AppSec WarGames

Want to skill-up in secure coding and AppSec? Try SecDim Wargames to learn how to find, hack and fix security vulnerabilities inspired by real-world incidents.

Got a comment?

Join our secure coding and AppSec community: a discussion board to share and discuss all aspects of secure programming, AppSec, DevSecOps, fuzzing, cloud security, AI security, code review, and more.