Shell Exec

Shell execution in PHP runs operating system commands from PHP code. Functions include shell_exec(), exec(), system(), passthru(), popen(), and the backtick operator.

Using shell commands with user-supplied input without proper escaping is a critical security vulnerability that enables Remote Code Execution (RCE). Always use escapeshellarg() or escapeshellcmd() when building shell commands, or, better, prefer a purpose-built PHP function that does not involve a shell at all.

<?php

// Dangerous: user input concatenated into the command line.
// The string is handed to /bin/sh, so shell metacharacters in $file
// are interpreted and the caller can run arbitrary commands.
$file = $_GET['file'];
$output = shell_exec('cat ' . $file); // RCE vulnerability

// Safe against command injection: escape the argument.
// escapeshellarg() wraps the value in single quotes so the shell sees
// exactly one literal argument. Note that the caller still chooses
// which file is read, so the path itself must be validated separately.
$file = escapeshellarg($_GET['file']);
$output = shell_exec('cat ' . $file);

?>
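As an added example (not code from the original page), here is how a reviewer would ask for the escaped `cat` call above to be hardened: the path is allowlisted and confined to a base directory before any read, the purpose-built function replaces the shell, and where an external tool is genuinely needed it is started without a shell via an argument array. Function names, the regex and the `$baseDir` parameter are assumptions; the code targets PHP 8.

```php
<?php
declare(strict_types=1);

// escapeshellarg() turns the value into one single-quoted argument, so the
// command line itself can no longer be altered. escapeshellcmd() escapes
// metacharacters in a whole command string but does not stop extra
// arguments from being appended, so it is the weaker choice for user data.
function readFileEscaped(string $file): string|false
{
    return shell_exec('cat ' . escapeshellarg($file));
}

// Hardened: no shell at all. The name is restricted to a safe character set,
// resolved inside $baseDir (defeats ../ traversal and symlink escapes), and
// read with the purpose-built function. Returns false on any policy failure.
function readFileHardened(string $baseDir, string $file): string|false
{
    if (!preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]*\z/', $file)) {
        return false; // rejects empty names, dotfiles and path separators
    }
    $root = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $file);
    if ($root === false || $path === false
        || !str_starts_with($path, $root . DIRECTORY_SEPARATOR)) {
        return false;
    }
    return file_get_contents($path);
}

// When an external tool is really required, pass an argv array to
// proc_open() (PHP >= 7.4). The process is started directly, so no quoting
// rules apply and no shell can reinterpret the arguments.
function runWithoutShell(array $argv): string
{
    $spec  = [1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc  = proc_open($argv, $spec, $pipes);
    if (!is_resource($proc)) {
        return '';
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    proc_close($proc);
    return $out;
}

// Constructed usage: $_GET['file'] is untrusted; the hardened reader is
// confined to /var/app/reports (an assumed directory).
$result = readFileHardened('/var/app/reports', $_GET['file'] ?? '');
$listing = runWithoutShell(['ls', '-l', '/var/app/reports']);
```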

Documentation

See also shell_exec(), escapeshellarg() and Command injection.

Related: shell_exec(), Shell, exec, Remote Code Execution (RCE), Security, System Call, Execution, SplSubject