Text this: Quantitative assessment on remote code execution vulnerability in web apps