Vulnerability: Code Injection (CWE-94)
Severity: 7.7
Language: Python
Registry: Other

✍️ Description

python-tools is using an insecure input function in Given that the script can be run using python2 or python3, if you feed the program a Python command and the interpreter is python2, the interpreter will eval() your input: in Python 2, input() is equivalent to eval(raw_input()).

🕵️‍♂️ Proof of Concept

Run Then when asked to enter an input, enter the following


💥 Impact

Code execution. Please use raw_input instead.
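
To check a script for this pattern and confirm the fix, the following added example (not code from python-tools) flags builtin `input()` calls that Python 2 would evaluate and accepts them once a `raw_input` shim is in place. The function name `find_unsafe_input_calls` and both sample scripts are constructed for illustration.

```python
import io
import tokenize

# Constructed sample: under Python 2 this input() call evaluates what is typed.
VULNERABLE = '''\
name = input("Enter a value: ")
print("You entered: %s" % name)
'''

# Constructed sample: the same script with a raw_input compatibility shim.
HARDENED = '''\
try:
    input = raw_input  # Python 2: read a string, never evaluate it
except NameError:
    pass               # Python 3: input() already returns a string
name = input("Enter a value: ")
print("You entered: %s" % name)
'''

SKIP = (tokenize.NL, tokenize.NEWLINE, tokenize.COMMENT,
        tokenize.INDENT, tokenize.DEDENT)

def find_unsafe_input_calls(source):
    """Return line numbers of builtin input() calls that Python 2 would eval().

    Heuristic: calls after an `input = raw_input` rebinding are treated as safe.
    """
    readline = io.StringIO(source).readline
    toks = [t for t in tokenize.generate_tokens(readline) if t.type not in SKIP]
    rebound_at = None  # line of the first `input = raw_input`
    hits = []
    for i, tok in enumerate(toks):
        if tok.type != tokenize.NAME or tok.string != "input":
            continue
        prev = toks[i - 1].string if i else ""
        following = [t.string for t in toks[i + 1:i + 3]]
        if prev in (".", "def"):
            continue  # method call or local definition, not the builtin
        if following == ["=", "raw_input"]:
            if rebound_at is None:
                rebound_at = tok.start[0]
        elif following[:1] == ["("] and (rebound_at is None
                                         or tok.start[0] < rebound_at):
            hits.append(tok.start[0])
    return hits

if __name__ == "__main__":
    print("vulnerable:", find_unsafe_input_calls(VULNERABLE))
    print("hardened:  ", find_unsafe_input_calls(HARDENED))
```

The scan works on tokens rather than a parsed AST so it can read sources that still contain Python 2 syntax; it does not follow imports or aliases of `input`.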