🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Usage of Dangerous Function

This vulnerability arises when an application uses methods or functions known to be unsafe—such as eval() in Python or JavaScript, or system() in C or PHP—especially with user-supplied input. These functions can execute arbitrary code or commands, and if input isn’t strictly controlled, they become a vector for injection attacks or privilege escalation.

Remediation

To mitigate this risk, avoid using dangerous functions entirely when safer alternatives exist. If their use is absolutely necessary, ensure inputs are strictly validated, use allowlists, and isolate execution contexts to limit potential damage.

Metadata

  • Severity: medium
  • Slug: usage-of-dangerous-function

CWEs

  • 749: Exposed Dangerous Method or Function

OWASP

  • A05:2021: Security Misconfiguration

Available Labs

Open Github labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.