It can be used remote. If you're also running a vulnerable web application that allows command injection. Sure fire way of getting your box pwned.vivek said:Also, this is local and not remote one. Another good reason not to give user shell access until and unless they have rock solid requirements.