Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,964)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-51245 1Draytek 1Vigor3900 Firmware Nov 5, 2024 Nov 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In DrayTek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the rename_table function.
CVE-2024-51244 1Draytek 1Vigor3900 Firmware Nov 5, 2024 Nov 1, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doIPSec function.
CVE-2024-10653 - - Nov 4, 2024 Nov 1, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on...Show more IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server.Show less
CVE-2024-8934 - - Nov 1, 2024 Oct 31, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A local user with administrative access rights can enter specialy crafted values for settings at the user interface (UI) of the TwinCAT Package Manager which then causes arbitrary OS commands to be executed.
CVE-2024-36060 - - Nov 1, 2024 Oct 30, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 EnGenius EnStation5-AC A8J-ENS500AC 1.0.0 devices allow blind OS command injection via shell metacharacters in the Ping and Speed Test parameters.
CVE-2024-51568 1Cyberpanel 1Cyberpanel Jul 7, 2025 Oct 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code exe...Show more CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.Show less
CVE-2024-51378 1Cyberpanel 1Cyberpanel Nov 7, 2025 Oct 29, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatu...Show more getresetstatus in dns/views.py and ftp/views.py in CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands via /dns/getresetstatus or /ftp/getresetstatus by bypassing secMiddleware (which is only for a POST request) and using shell metacharacters in the statusfile property, as exploited in the wild in October 2024 by PSAUX. Versions through 2.3.6 and (unpatched) 2.3.7 are affected.Show less
CVE-2024-41153 1Hitachienergy 3Tro610 Firmware Tro620 FirmwareTro670 Firmware Oct 24, 2025 Oct 29, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute comm...Show more Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends.Show less
CVE-2024-22065 1Zte 1Mf258k Pro Firmware Jan 28, 2025 Oct 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary comman...Show more There is a command injection vulnerability in ZTE MF258 Pro product. Due to insufficient validation of Ping Diagnosis interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.Show less
CVE-2024-48826 1Tenda 1Ac7 Firmware Mar 17, 2025 Oct 28, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Tenda AC7 v.15.03.06.44 ate_iwpriv_set has pre-authentication command injection allowing remote attackers to execute arbitrary code.
CVE-2024-48825 1Tenda 1Ac7 Firmware Mar 17, 2025 Oct 28, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Tenda AC7 v.15.03.06.44 ate_ifconfig_set has pre-authentication command injection allowing remote attackers to execute arbitrary code.
CVE-2024-48074 1Draytek 1Vigor2960 Firmware May 17, 2025 Oct 28, 2024 N/A· v4 8.0 HIGH· v3 N/A· v2 An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route...Show more An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function.Show less
CVE-2024-47821 1Pyload 1Pyload Mar 5, 2025 Oct 25, 2024 N/A· v4 2.3 LOW· v3 N/A· v2 pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder...Show more pyLoad is a free and open-source Download Manager. The folder `/.pyload/scripts` has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved in versions prior to 0.5.0b3.dev87. A file can be downloaded to such a folder by changing the download folder to a folder in `/scripts` path and using the `/flashgot` API to download the file. This vulnerability allows an attacker with access to change the settings on a pyload server to execute arbitrary code and completely compromise the system. Version 0.5.0b3.dev87 fixes this issue.Show less
CVE-2024-37845 1Radixiot 1Mango Nov 4, 2024 Oct 25, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature.
CVE-2024-48459 - - Oct 29, 2024 Oct 25, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda Technology Co., Ltd. (Jixiang Tenda) v.DI_7003G-19.12.24A1V16.03.29.50;V16.03.29.50;V16.03.29.50. An attacker can exploit thi...Show more A command execution vulnerability exists in the AX2 Pro home router produced by Shenzhen Tenda Technology Co., Ltd. (Jixiang Tenda) v.DI_7003G-19.12.24A1V16.03.29.50;V16.03.29.50;V16.03.29.50. An attacker can exploit this vulnerability by constructing a malicious payload to execute commands and further obtain shell access to the router's file system with the highest privileges.Show less
CVE-2024-49380 1Plenti 1Plenti May 6, 2025 Oct 25, 2024 8.9 HIGH· v4 7.5 HIGH· v3 N/A· v2 Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their webs...Show more Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the vulnerability.Show less
CVE-2024-45242 - - Oct 28, 2024 Oct 24, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an op...Show more EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin panel is configured with the default credentials of admin/admin. An unauthorized attacker in proximity to the Wi-Fi network can exploit this window of time to execute arbitrary OS commands with root-level permissions.Show less
CVE-2024-48964 1Snyk 1Snyk Cli Oct 30, 2024 Oct 23, 2024 7.5 HIGH· v4 8.8 HIGH· v3 N/A· v2 The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper hand...Show more The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.Show less
CVE-2024-48963 1Snyk 1Snyk Cli Oct 30, 2024 Oct 23, 2024 7.5 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handlin...Show more The package Snyk CLI before 1.1294.0 is vulnerable to Code Injection when scanning an untrusted PHP project. The vulnerability can be triggered if Snyk test is run inside the untrusted project due to the improper handling of the current working directory name. Snyk recommends only scanning trusted projects.Show less
CVE-2024-20424 1Cisco 1Secure Firewall Management Center Nov 1, 2024 Oct 23, 2024 N/A· v4 9.9 CRITICAL· v3 N/A· v2 A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arb...Show more A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system as root. This vulnerability is due to insufficient input validation of certain HTTP requests. An attacker could exploit this vulnerability by authenticating to the web-based management interface of an affected device and then sending a crafted HTTP request to the device. A successful exploit could allow the attacker to execute arbitrary commands with root permissions on the underlying operating system of the Cisco FMC device or to execute commands on managed Cisco Firepower Threat Defense (FTD) devices. To exploit this vulnerability, the attacker would need valid credentials for a user account with at least the role of Security Analyst (Read Only).Show less

Previous 1...100101102...299 Next