CrowdStrike Alert - Detection of Perl Script Execution

[RevLaw]

Describe the bug

The Perl execution command in the codebase is triggering a CrowdStrike security alert for potential "Persistence via Web Shell" behavior. The concerning code is located at:

memories/lib/Service/BinExt.php

Line 463 in 98a12d2

return shell_exec("{$path} -e 'print $^V;'") ?: 'unknown version';

I don't know how to fix it, or if it's even possible. But can you check the code to see if you can make the execution safer?
Maybe you can replace it with another command?

Steps To Reproduce

1. Install the Memories plugin in Nextcloud
2. Run the plugin
3. Observe CrowdStrike alert triggered by Perl execution

Platform

- OS: Docker - Oracle Linux
- Browser: Chrome
- Memories Version: 7.4.1
- Nextcloud Version: 31
- PHP Version: 8

Screenshots

Additional context

No response

[pulsejet]

I don't know if that'll fix the warning, but these should definitely be using exec, not shell 👍🏻