OS command argument injections occur when applications allow the execution of
operating system commands from untrusted data but the untrusted data is limited
to the arguments. +
It is not possible to directly inject arbitrary commands that
compromise the underlying operating system, but the behavior of the executed
command still might be influenced in a way that allows to expand access, for
example, execution of arbitrary commands. The security of the application
depends on the behavior of the application that is executed.