Description

This script is vulnerable to Python code injection. The user input appears to be placed into a dynamically evaluated Python code statement, allowing an attacker to execute arbitrary Python code.

Remediation

Avoid creating Python code by concatenating code with user input. Avoid use of the Python eval command.

References

Related Vulnerabilities