/vulndb/Remote Code Injection

Remote Code Injection is a vulnerability that allows an attacker to remotely inject code into an application in order to change its execution flow. The issue typically occurs because the application is written in a language that allows dynamic evaluation of code at runtime.

Attackers are able to execute arbitrary code expressions. This technique may be used to install server-side backdoors, retrieve confidential data or leverage other vulnerabilities to gain full control over the target application, its environment, database and other adjacent network resources.

Solution

Due to the nature of dynamic programming platforms, it may not be possible to create a comprehensive mechanism by which you can safely use user-supplied data as input to dynamically constructed code expressions. It is generally recommended to avoid constructing dynamic code at runtime.
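
The following Python sketch is an added example, not part of the original entry. It assumes a hypothetical feature that evaluates user-supplied arithmetic, and contrasts passing the input to `eval` with parsing it as data and interpreting only an allowlisted set of syntax nodes. The names `unsafe_calc`, `safe_calc` and `MAX_LEN` are illustrative.

```python
import ast
import operator

# "Before": the user-supplied string becomes code. Anything the interpreter
# can express is reachable through it, not only arithmetic.
def unsafe_calc(expr):
    return eval(expr)  # deliberately vulnerable, shown for contrast only

# "After": the input is parsed as data and walked by a small interpreter.
# No string is ever handed to eval/exec/compile for execution.
_BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub,
           ast.Mult: operator.mul, ast.Div: operator.truediv}
_UNARYOPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
MAX_LEN = 200  # constructed limit; bounds parse cost and recursion depth

def _walk(node):
    # Numeric literals only; type() comparison also excludes True/False.
    if isinstance(node, ast.Constant) and type(node.value) in (int, float):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
        return _BINOPS[type(node.op)](_walk(node.left), _walk(node.right))
    if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARYOPS:
        return _UNARYOPS[type(node.op)](_walk(node.operand))
    # Names, calls, attribute access, subscripts, ** and so on are rejected.
    raise ValueError("unsupported syntax: " + type(node).__name__)

def safe_calc(expr):
    if len(expr) > MAX_LEN:
        raise ValueError("expression too long")
    try:
        tree = ast.parse(expr, mode="eval")
    except (SyntaxError, ValueError, RecursionError, MemoryError) as exc:
        raise ValueError("not a valid expression") from exc
    try:
        return _walk(tree.body)
    except ZeroDivisionError as exc:
        raise ValueError("division by zero") from exc
```

The allowlist is deny-by-default: any syntax node not explicitly handled raises an error, so new language features do not silently become reachable.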

References

http://en.wikipedia.org/wiki/Code_injection