OS Command Injection

OS command injection happens when an application directly or indirectly builds an operating system command from untrusted input. If that input is not safely handled, an attacker can append or alter commands that then run with the privileges of the application process. The impact ranges from file disclosure, service disruption and credential exposure to remote shell access or full server compromise. Secure coding practices include avoiding shell interpreters altogether, using APIs that pass arguments as separate parameters rather than as one command string, enforcing strict allowlists on any value that reaches a command, and validating input before use.

Application Calls OS Command → Input Not Escaped → OS Command Injected → Server Access Risk → Command Execution Restricted
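The following Python snippet is an added example, not code from the original page, that puts the vulnerable pattern beside its hardened form. It assumes a hypothetical feature that lets a user look up a hostname by running `nslookup`; the `nslookup` binary, the hostname allowlist regex and the sample inputs are all constructed for the example. The vulnerable version concatenates user input into one command string that a shell would interpret; the hardened version validates the input against a strict allowlist and passes it to `subprocess.run` as a separate argument with `shell=False`, so the operating system never sees a shell and metacharacters in the input are just characters.

```python
import re
import shlex
import subprocess
from typing import List

# Strict allowlist for a DNS hostname (constructed for this example): labels of
# letters, digits and hyphens joined by dots, no leading or trailing hyphen,
# bounded length. Shell metacharacters, spaces and newlines never match, so
# they are rejected before any command is built. fullmatch() is used rather
# than $ so that a trailing newline cannot slip past the check.
_HOSTNAME_RE = re.compile(
    r"(?=.{1,253}\Z)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*"
)


def is_safe_hostname(value: str) -> bool:
    """True only if value is a plausible hostname and nothing else."""
    return _HOSTNAME_RE.fullmatch(value) is not None


def vulnerable_command(host: str) -> str:
    """The anti-pattern: untrusted input concatenated into a command string.

    Handing this string to subprocess.run(..., shell=True) or os.system()
    lets /bin/sh interpret anything the user typed after the hostname.
    """
    return f"nslookup {host}"


def build_lookup_argv(host: str) -> List[str]:
    """Hardened form: allowlist the value, then pass it as its own argv element.

    Raises ValueError for anything that is not a hostname; the caller should
    log the rejection, since repeated rejections are a useful detection signal.
    """
    if not is_safe_hostname(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return ["nslookup", host]


def run_lookup(host: str) -> subprocess.CompletedProcess:
    """Executes the lookup without a shell; argv is a list, not a string."""
    return subprocess.run(
        build_lookup_argv(host),
        shell=False,            # no interpreter, no metacharacter parsing
        capture_output=True,
        text=True,
        timeout=10,
    )


def quoted_for_shell(host: str) -> str:
    """Fallback for the rare case where a shell really is required.

    Validation still comes first; shlex.quote() is a second layer, not a
    replacement for the allowlist.
    """
    if not is_safe_hostname(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return "nslookup " + shlex.quote(host)


if __name__ == "__main__":
    # Constructed inputs: one legitimate hostname, one carrying a shell separator.
    for sample in ("example.com", "example.com; id"):
        print("vulnerable string:", repr(vulnerable_command(sample)))
        try:
            print("hardened argv:   ", build_lookup_argv(sample))
        except ValueError as exc:
            print("hardened argv:   ", exc)
```

The key difference is visible in the output for the second input: the vulnerable function happily produces a string containing `; id`, while the hardened function refuses it before any process is spawned. Even if the allowlist were looser, the argv-list call would pass the whole value as a single argument to `nslookup` rather than letting a shell split it, which is the "Command Execution Restricted" step in the flow above. Running the process under a least-privileged account limits what a bypass could do.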