One of the scariest places where an injection vulnerability can hit is operating system commands. The consequence is almost always the complete takeover of the server by the attacker. However, these vulnerabilities are quite often found when an application uses command-line tools behind the scenes.