EPSS
Percentile
75.7%
mikehaertl/php-shellcommand is vulnerable to OS command injection. The addArg() function in src/Command.php does not escape all arguments, allowing an attacker to inject arbitrary OS commands.
addArg()
src/Command.php
github.com/mikehaertl/php-shellcommand/issues/44
github.com/mikehaertl/php-shellcommand/pull/45