Commerce Script Injection

Server script injection, or remote code execution, is a class of attack where maliciously crafted input is run in a privileged code execution context. This class of attack lets an attacker control the code executed on the server.

Script injection is possible when a script interprets part or all of an unsafe or untrusted data input as code, or a snippet of code, and runs it. The most common error that results in a code injection vulnerability is calling the global method eval( string ) with an argument tainted with untrusted data. The eval method executes the passed string as a script expression. This method is deprecated and should be avoided because of the inherent security risk.
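The difference between evaluating input and parsing it as data, shown as an added example that is not part of the original page. It is plain JavaScript run under Node.js; the function names, the option fields (sort, pageSize) and the sample inputs are assumptions constructed for illustration.

```javascript
// Added illustration in plain JavaScript; names and inputs are constructed.
const ALLOWED_SORT = ['price', 'name', 'rating'];
const marker = { executed: false }; // flipped only if input runs as code

// Vulnerable pattern: the untrusted string is evaluated as a script expression.
function parseOptionsUnsafe(raw) {
    return eval('(' + raw + ')');
}

// Hardened pattern: parse strictly as data, then validate against an allow-list.
function parseOptionsSafe(raw) {
    if (typeof raw !== 'string' || raw.length > 256) {
        return { ok: false, error: 'invalid input' };
    }
    let data;
    try {
        data = JSON.parse(raw); // never executes the input
    } catch (e) {
        return { ok: false, error: 'not JSON' };
    }
    if (data === null || typeof data !== 'object' || Array.isArray(data)) {
        return { ok: false, error: 'expected object' };
    }
    if (!ALLOWED_SORT.includes(data.sort)) {
        return { ok: false, error: 'bad sort' };
    }
    if (!Number.isInteger(data.pageSize) || data.pageSize < 1 || data.pageSize > 100) {
        return { ok: false, error: 'bad pageSize' };
    }
    // Copy only the validated fields; ignore anything else in the input.
    return { ok: true, value: { sort: data.sort, pageSize: data.pageSize } };
}

// Constructed inputs: one well-formed, one that is an expression rather than data.
const benign = '{"sort":"price","pageSize":24}';
const tainted = '(marker.executed = true, {sort: "price", pageSize: 24})';

function demo() {
    marker.executed = false;
    parseOptionsUnsafe(tainted);
    const unsafeRan = marker.executed; // true: eval ran the expression
    marker.executed = false;
    const safe = parseOptionsSafe(tainted);
    return { unsafeRan: unsafeRan, safeRan: marker.executed, safeOk: safe.ok };
}

console.log(demo(), parseOptionsSafe(benign));
```

The eval-based parser returns a plausible-looking object for the tainted input, so the side effect is invisible to the caller; the JSON.parse path rejects the same input before any of it runs.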
