PHP:
Fortify scan flagging as bug in command injection even I applied escapeshellarg() and escapeshellcmd()
Also, I tried the proc_open() with escapeshellarg() and escapeshellcmd() - still flagging as bug in command injection
Examples:
$inp = "input.jpg";
$out = "output.jpg";
$command = "convert ".escapeshellarg($inp)." -resize 70x70 ".escapeshellarg($out)."";
shell_exec(escapeshellcmd($command));
Any suggestions to overcome this bug?
Thanks in advance.
Any suggestions to overcome this bug?
Thanks in advance.