From: ./gnms-2.1.1/lib/cmd_parse.rb The #{ip} variable isn't properly sanitized and can lead to remote command injection if a malicious user specifies an IP address with shell meta characters like ; and &. 0Command injection via {ip} in ping and other functions. 147- lp="" 148- nmap_version = $config.nmap_vers.to_f() 149- if nmap_version >= 6.0 150: lp=`{$config.nmap_path} -sU -sT {ip} --host_timeout 60 2>/dev/null| grep open | grep "^[0-9]"` 151- else 152- if nmap_version > 0.0 153: lp=`{$config.nmap_path} -sU -sT #{ip} --host_timeout 60000 2>/dev/null| grep open | grep "^[0-9]"` 154- end 155- end 177- Return mac adress of the ip if in local arp table 178- 179-def mac_tablelocal(ip) 180: `ping -c 1 -W 1 #{ip}` 181: lp=`arp -n #{ip} | grep #{ip} | awk {print $3;}` 182- there is no entry 183- if lp.chomp == "--" 184- lp="" 232-def ping (ip) 233: pip=`{$config.ping_path} #{ip} -c 1 -n -W 4 2>/dev/null | grep ^64` 234- return pip!="" 235-end