74
Source: cwe.mitre.org
Published:
<p>This example code intends to take the name of a user and list the contents of that user's directory. It is subject to the first variant of OS command injection.</p> <p>The $userName variable is not checked for malicious input. An attacker could set the $userName variable to an arbitrary OS comman