Severity: Critical
Netsparker identified a Blind Command Injection, which occurs when input data is interpreted as an operating system command.
It is a highly critical issue and should be addressed as soon as possible.
In this case, command injection was not obvious, but the different response times from the page based on the injection test allowed Netsparker to identify and confirm the command injection.