...
A weakness in a privileged program caused by relying on untrusted sources such as the environment (see ENV35ENV06-J. Provide a trusted environment and sanitize all inputs) can result in the execution of a command or a program that has more privileges than those possessed by a typical user. This noncompliant code example shows a variant of the OS command injection vulnerability of this kind.
...
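The pattern described above, next to a hardened form, as an added example that is not the standard's own code. The class name `DirListing`, the allowlist pattern, the fixed `PATH` value and the sample inputs are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.List;
import java.util.regex.Pattern;

public class DirListing {
    // Assumption: only plain, relative directory names are legitimate here.
    private static final Pattern SAFE_DIR =
        Pattern.compile("[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}");

    // Noncompliant: a value taken from an untrusted source (for example the
    // environment) is pasted into a shell command line, so the shell parses
    // it with this process's privileges.
    static List<String> noncompliantCommand(String dir) {
        return List.of("sh", "-c", "ls " + dir);
    }

    // Hardened: allowlist validation, no shell, absolute binary path, and the
    // value passed as one argument after "--" so it cannot become an option.
    static List<String> hardenedCommand(String dir) {
        if (dir == null || !SAFE_DIR.matcher(dir).matches() || dir.contains("..")) {
            throw new IllegalArgumentException("rejected directory name");
        }
        return List.of("/bin/ls", "--", dir);
    }

    static Process run(List<String> argv) throws IOException {
        ProcessBuilder pb = new ProcessBuilder(argv);
        pb.environment().clear();                      // drop inherited PATH, IFS, LD_* ...
        pb.environment().put("PATH", "/usr/bin:/bin"); // fixed search path (assumed value)
        pb.redirectErrorStream(true);
        return pb.start();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: an ordinary name and one with a shell metacharacter.
        for (String dir : new String[] {"reports", "reports; echo injected"}) {
            // Printed only, never executed: shows what the shell would be handed.
            System.out.println("noncompliant argv: " + noncompliantCommand(dir));
            try {
                Process p = run(hardenedCommand(dir));
                p.getInputStream().transferTo(System.out);
                System.out.println("hardened exit=" + p.waitFor());
            } catch (IllegalArgumentException e) {
                System.out.println("hardened: " + e.getMessage() + ": \"" + dir + "\"");
            }
        }
    }
}
```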