What is a Command Execution Vulnerability?

” is an attack technique used to exploit web sites by executing
Operating System commands through manipulation of application input.

When a web application does not properly sanitize
user-supplied input before using it within application code, it may be
possible to trick the application into executing Operating System
commands. The executed commands will run with the same permissions of
the component that executed the command (e.g. Database server, Web
application server, Web server, etc.).” –Web Application Security Consortium Threat Classification
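
The difference between letting a shell parse user input and passing that input as a single argument, shown as an added example that is not part of the original page or the WASC text. The function names, the stand-in `TOOL` command and the sample input are hypothetical, and the vulnerable function assumes a POSIX `/bin/sh`.

```python
import re
import subprocess
import sys

# Hypothetical stand-in for an external tool a web application might invoke.
# It only prints its single argument, so the example runs offline.
TOOL = [sys.executable, "-c", "import sys; print('lookup:', sys.argv[1])"]

# Allowlist for hostnames: letters, digits, dots and hyphens, at most 253 chars.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")

# Constructed sample input: a hostname followed by a harmless marker command.
SAMPLE = "example.com; echo INJECTED"


def lookup_vulnerable(host: str) -> str:
    """The flaw: input is concatenated into a string that /bin/sh parses."""
    cmd = f"echo lookup: {host}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_without_shell(arg: str) -> str:
    """No shell is involved: the input reaches the tool as one literal argument."""
    result = subprocess.run(TOOL + [arg], capture_output=True, text=True, check=True)
    return result.stdout


def lookup_hardened(host: str) -> str:
    """Reject anything that is not a plain hostname, then call without a shell."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError("invalid hostname")
    return run_without_shell(host)


if __name__ == "__main__":
    print("vulnerable :", lookup_vulnerable(SAMPLE).splitlines())
    print("no shell   :", run_without_shell(SAMPLE).splitlines())
    try:
        lookup_hardened(SAMPLE)
    except ValueError as exc:
        print("hardened   : rejected,", exc)
```

In the vulnerable call the shell treats `;` as a command separator and runs the second command with the permissions of the calling process; in the other two the same characters are either plain data or rejected before any process starts.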