4. Command Injection via Insecure Wrappers
Input that is not properly validated before being passed to a shell command (e.g., via os.system()) allows remote code execution (RCE).
Example:
os.system(user_input)
Mitigation:
- Use subprocess.run([…]) with an argument list and without shell=True, so the input is never parsed by a shell
- Apply allowlists and input validation
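
The two mitigations combined, as an added example that is not code from the original page: input is checked against an allowlist and then passed as a single argv element through subprocess.run with an argument list. The names HOST_RE, TOOL, run_argv, validate_host and lookup are hypothetical, the hostname pattern is an assumed allowlist, and the wrapped tool is a stand-in child process that reports the arguments it received.

```python
import json
import re
import subprocess
import sys

# Assumed allowlist: hostname of letters, digits, dots and hyphens that
# starts and ends alphanumeric (so it can never look like an option).
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

# Stand-in for the wrapped tool: a child process that reports its argv as JSON.
TOOL = [sys.executable, "-c", "import json, sys; print(json.dumps(sys.argv[1:]))"]


def run_argv(arg):
    """Pass arg as one argv element; no shell is involved at any point."""
    proc = subprocess.run(
        TOOL + ["--", arg],          # "--" ends option parsing in most CLIs
        capture_output=True, text=True, check=True, timeout=10,
    )
    return json.loads(proc.stdout)


def validate_host(value):
    """Allowlist check; fullmatch() also rejects a trailing newline."""
    if not isinstance(value, str) or not HOST_RE.fullmatch(value):
        raise ValueError(f"rejected host: {value!r}")
    return value


def lookup(host):
    """Hardened wrapper: validate first, then run with an argument list."""
    return run_argv(validate_host(host))


if __name__ == "__main__":
    hostile = "example.com; echo INJECTED"   # constructed sample input
    # os.system("tool " + hostile) would let the shell run two commands.
    print(run_argv(hostile))                 # metacharacters arrive as data
    try:
        lookup(hostile)
    except ValueError as exc:
        print(exc)
    print(lookup("example.com"))
```

The argument list stops shell interpretation; the allowlist additionally stops values that the wrapped tool itself might treat as options or unexpected syntax.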