Symfony vulnerable to command execution hijack on Windows with Process class
On Windows, when an executable file named cmd.exe is located in the current working directory, the Process class calls it when preparing command arguments, which can lead to command execution hijacking.
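
A pre-launch check for the condition described above, as an added example that is not part of the advisory or Symfony's own code: it looks for a file named cmd.exe (in any letter case) in the directory a subprocess will start in and refuses to continue if one is present. The function names `findShadowingExecutables` and `assertSafeWorkingDirectory` are hypothetical, and the scratch directory and placeholder file are constructed for the demo.

```php
<?php
declare(strict_types=1);

/**
 * Return paths in $dir whose file name matches one of $names, ignoring case
 * (Windows file names are case-insensitive, so "CMD.EXE" counts too).
 */
function findShadowingExecutables(string $dir, array $names = ['cmd.exe']): array
{
    $wanted = array_map('strtolower', $names);
    $hits = [];
    foreach (scandir($dir) ?: [] as $entry) {
        $path = $dir . DIRECTORY_SEPARATOR . $entry;
        if (is_file($path) && in_array(strtolower($entry), $wanted, true)) {
            $hits[] = $path;
        }
    }
    return $hits;
}

/** Refuse to continue when the directory a subprocess will start in holds a cmd.exe. */
function assertSafeWorkingDirectory(?string $cwd = null): void
{
    $dir = $cwd ?? getcwd();
    if ($dir === false || !is_dir($dir)) {
        throw new RuntimeException('Working directory cannot be inspected');
    }
    $hits = findShadowingExecutables($dir);
    if ($hits !== []) {
        throw new RuntimeException('Unexpected cmd.exe in working directory: ' . implode(', ', $hits));
    }
}

// Constructed demo: a scratch directory with an empty placeholder named like the shell.
$scratch = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cwd-check-' . bin2hex(random_bytes(4));
mkdir($scratch);
assertSafeWorkingDirectory($scratch);               // clean directory: passes silently
touch($scratch . DIRECTORY_SEPARATOR . 'Cmd.EXE');  // constructed placeholder, zero bytes
try {
    assertSafeWorkingDirectory($scratch);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;                 // reports the placeholder path
} finally {
    unlink($scratch . DIRECTORY_SEPARATOR . 'Cmd.EXE');
    rmdir($scratch);
}
```

Call the check with the same directory that is passed as the working directory of the Process instance, or with no argument when the subprocess inherits the current one.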