Command Injection
Command injection occurs when an application passes user-controlled input into operating system commands without proper validation, escaping, or separation of arguments. Attackers may exploit this weakness to read files, execute commands, access environment variables, modify data, or compromise the underlying server. In bug bounty and penetration testing workflows, command injection is treated as high risk because it can quickly escalate from an application-level weakness to a server-level compromise.
User Input Added to Command → Shell Interprets Input → Unintended Command Runs → Server Risk Created → Safe APIs Used
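The flow above, as an added example that is not part of the original page: the flawed string-concatenation pattern beside the argument-list form that keeps user input out of the shell's parser, plus an allowlist check. The `echo` command, the sample inputs and the allowlist pattern are constructed stand-ins for whatever command a real application wraps.

```python
import re
import subprocess

# Constructed sample inputs: what a user might submit in a "name" field.
# The ';' ends the intended command and starts a second one if a shell parses it.
BENIGN_INPUT = "hello"
INJECTED_INPUT = "hello; echo INJECTED"


def run_vulnerable(user_input: str) -> str:
    """String concatenation + shell=True: the shell interprets metacharacters in user_input."""
    # /bin/sh receives "echo hello; echo INJECTED" and runs two commands, not one.
    proc = subprocess.run("echo " + user_input, shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def run_hardened(user_input: str) -> str:
    """Argument list, no shell: user_input travels as a single argv element."""
    # The echo binary receives the whole string as one argument and prints it literally.
    proc = subprocess.run(["echo", user_input], shell=False,
                          capture_output=True, text=True)
    return proc.stdout


# Hypothetical allowlist: only the characters this feature actually needs.
_ALLOWED = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def validate(user_input: str) -> bool:
    """Allowlist check; rejects shell metacharacters such as ; | & $ ` and whitespace."""
    return _ALLOWED.fullmatch(user_input) is not None


def run_safely(user_input: str) -> str:
    """Defence in depth: validate first, then execute without a shell."""
    if not validate(user_input):
        raise ValueError("input rejected by allowlist")
    return run_hardened(user_input)


if __name__ == "__main__":
    print("vulnerable:", repr(run_vulnerable(INJECTED_INPUT)))  # 'hello\nINJECTED\n'
    print("hardened:  ", repr(run_hardened(INJECTED_INPUT)))    # 'hello; echo INJECTED\n'
    print("validated: ", validate(INJECTED_INPUT))              # False
```

The vulnerable path produces two lines of output because the shell ran a second command; the hardened path prints the input verbatim because no shell ever parsed it.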
