Code execution vulnerability

Last Updated: Oct 31, 2017

Note: If the affected URL contains /robots.txt/a.php, or /favicon.ico/a.php, see FastCGI analysis vulnerability.


A code execution vulnerability is a critical vulnerability in which the application applies no security filtering policy to parameters that are passed into commands. As a result, a malicious attacker can control the command that is finally executed, break into the system, and cause serious damage.


Attackers can exploit this vulnerability to execute arbitrary code.


Solution 1

  • Strictly validate program parameters, in particular rejecting values that contain the shell operators “&”, “&&”, “|”, and “||” or the keywords “eval” and “execute”.

  • Remove direct command execution functions such as “system” from the code, or never pass externally supplied parameter values into the arguments of this type of executable function.

  • If you are using a third-party program, upgrade it to the latest version.
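The following is an added example, not code from the original article, showing what the first two points of Solution 1 look like in practice for a hypothetical "ping a host" feature. The function names, the hostname allowlist pattern and the sample inputs are assumptions made for illustration. The vulnerable form builds a shell command string from the parameter; the hardened form validates the parameter against a strict allowlist and passes it as a single argv element with no shell, so shell operators such as “&&” or “|” are never interpreted.

```python
import re
import subprocess

# Hypothetical allowlist for a hostname or IPv4 address (assumption):
# starts with a letter or digit, then only letters, digits, dots and hyphens.
# Shell operators (& && | || ; ` $ ( ) < >) and a leading "-" (which could be
# read as an option by the called program) are rejected by construction.
HOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")

# Denylist of the operators and keywords named in Solution 1. Shown only for
# contrast: an allowlist such as HOST_RE is the stronger control, because a
# denylist has to enumerate every dangerous token.
SHELL_TOKENS = ("&&", "||", "&", "|", ";", "`", "$(", "eval", "execute")


def contains_shell_token(value: str) -> bool:
    """Return True if the value contains any denylisted operator or keyword."""
    lowered = value.lower()
    return any(token in lowered for token in SHELL_TOKENS)


def validate_host(value: str) -> bool:
    """Return True only if the value matches the strict hostname allowlist."""
    return bool(HOST_RE.match(value))


def vulnerable_ping_command(host: str) -> str:
    """Vulnerable form (for contrast, do not use).

    The parameter is concatenated into a command string that is later run with
    shell=True, so an input such as "127.0.0.1; id" executes a second command.
    """
    return f"ping -c 1 {host}"


def build_ping_argv(host: str) -> list:
    """Hardened form: validate, then build an argv list with no shell involved.

    Raises ValueError for any value that fails the allowlist.
    """
    if not validate_host(host):
        raise ValueError("invalid host parameter")
    # Each element is one argv entry; nothing here is parsed by a shell.
    return ["ping", "-c", "1", host]


def run_ping(host: str) -> subprocess.CompletedProcess:
    """Run the hardened command. shell=False keeps the parameter as plain data."""
    return subprocess.run(
        build_ping_argv(host),
        shell=False,
        capture_output=True,
        text=True,
        timeout=10,
    )


if __name__ == "__main__":
    # Constructed sample inputs: one benign, one carrying a shell operator.
    for sample in ("example.com", "127.0.0.1; id"):
        print(sample, "->", "accepted" if validate_host(sample) else "rejected")
```

The key design choice is that validation and the no-shell argv form are independent layers: even if a value slipped past the allowlist, `shell=False` means the operating system receives it as one argument to `ping`, not as shell syntax. Add the `subprocess.run` call only where the command is genuinely needed; where it is not, removing the call altogether (the second point of Solution 1) is the safer fix.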

Solution 2

Use an open source vulnerability repair plugin.

Note: This solution requires that the website administrators have programming skills and are capable of modifying server code.