Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,964)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-4814 1Ruijie 27Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 FirmwareRg Uac 6000 E10c Firmware+24 more Aug 21, 2025 May 14, 2024 5.3 MEDIUM· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240506. Affected by this vulnerability is an unknown functionality of the file /view/networkConfig/RouteConfig/StaticRoute/static_route_edit_commi...Show more A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240506. Affected by this vulnerability is an unknown functionality of the file /view/networkConfig/RouteConfig/StaticRoute/static_route_edit_commit.php. The manipulation of the argument oldipmask/oldgateway leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263935. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-4813 1Ruijie 27Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 FirmwareRg Uac 6000 E10c Firmware+24 more Aug 21, 2025 May 14, 2024 5.3 MEDIUM· v4 9.8 CRITICAL· v3 6.5 MEDIUM· v2 A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240506. Affected is an unknown function of the file /view/networkConfig/physicalInterface/interface_commit.php. The manipulation of the argum...Show more A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240506. Affected is an unknown function of the file /view/networkConfig/physicalInterface/interface_commit.php. The manipulation of the argument name leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-263934 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-34921 1Totolink 1X5000r Firmware Apr 4, 2025 May 14, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 TOTOLINK X5000R v9.1.0cu.2350_B20230313 was discovered to contain a command injection via the disconnectVPN function.
CVE-2024-34210 1Totolink 1Cp450 Firmware Apr 9, 2025 May 14, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 TOTOLINK outdoor CPE CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the CloudACMunualUpdate function via the FileName parameter.
CVE-2024-34205 1Totolink 1Cp450 Firmware Apr 9, 2025 May 14, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 TOTOLINK CP450 v4.1.0cu.747_B20191224 was discovered to contain a command injection vulnerability in the download_firmware function.
CVE-2024-2662 1Unlimited Elements 1Unlimited Elements For Elementor Apr 8, 2026 May 14, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. This is due to insufficient filtering of templ...Show more The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to command injection in all versions up to, and including, 1.5.102. This is due to insufficient filtering of template attributes during the creation of HTML for custom widgets This makes it possible for authenticated attackers, with administrator-level access and above, to execute arbitrary commands on the server.Show less
CVE-2023-47709 1Ibm 1Security Guardium Jan 14, 2025 May 14, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM Security Guardium 11.3, 11.4, 11.5, and 12.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 271524.
CVE-2022-43654 1Netgear 2Cax30 Firmware Cax30s Firmware Aug 8, 2025 May 7, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication...Show more NETGEAR CAX30S SSO Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR CAX30S routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the token parameter provided to the sso.php endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-18227.Show less
CVE-2024-33434 - - Apr 3, 2026 May 7, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `...Show more An issue in tiagorlampert CHAOS v5.0.1 before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sanitization or filtering.Show less
CVE-2024-4582 - - Nov 21, 2024 May 7, 2024 N/A· v4 7.3 HIGH· v3 7.5 HIGH· v2 A vulnerability classified as critical has been found in Faraday GM8181 and GM828x up to 20240429. Affected is an unknown function of the component NTP Service. The manipulation of the argument ntp_srv leads to os comman...Show more A vulnerability classified as critical has been found in Faraday GM8181 and GM828x up to 20240429. Affected is an unknown function of the component NTP Service. The manipulation of the argument ntp_srv leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-263304.Show less
CVE-2024-33112 1Dlink 1Dir 845l Firmware May 21, 2025 May 6, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 D-Link DIR-845L router v1.01KRb03 and before is vulnerable to Command injection via the hnap_main()func.
CVE-2024-4510 1Ruijie 27Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 FirmwareRg Uac 6000 E10c Firmware+24 more Aug 21, 2025 May 6, 2024 N/A· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/networkConfig/ArpTable/arp_add_commit.php. The manipulation...Show more A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/networkConfig/ArpTable/arp_add_commit.php. The manipulation of the argument text_ip_addr/text_mac_addr leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263114 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-4509 1Ruijie 27Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 FirmwareRg Uac 6000 E10c Firmware+24 more Aug 21, 2025 May 6, 2024 N/A· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/IPV6/naborTable/add_commit.php. The manipulation o...Show more A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/IPV6/naborTable/add_commit.php. The manipulation of the argument ip_addr/mac_addr leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263113 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-4508 1Ruijie 27Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 FirmwareRg Uac 6000 E10c Firmware+24 more Aug 21, 2025 May 6, 2024 N/A· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been classified as critical. Affected is an unknown function of the file /view/IPV6/ipv6StaticRoute/static_route_edit_ipv6.php. The manipulation of the ar...Show more A vulnerability was found in Ruijie RG-UAC up to 20240428. It has been classified as critical. Affected is an unknown function of the file /view/IPV6/ipv6StaticRoute/static_route_edit_ipv6.php. The manipulation of the argument oldipmask/oldgateway/olddevname leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263112. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-4507 1Ruijie 27Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 FirmwareRg Uac 6000 E10c Firmware+24 more Aug 21, 2025 May 6, 2024 N/A· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was found in Ruijie RG-UAC up to 20240428 and classified as critical. This issue affects some unknown processing of the file /view/IPV6/ipv6StaticRoute/static_route_add_ipv6.php. The manipulation of the a...Show more A vulnerability was found in Ruijie RG-UAC up to 20240428 and classified as critical. This issue affects some unknown processing of the file /view/IPV6/ipv6StaticRoute/static_route_add_ipv6.php. The manipulation of the argument text_prefixlen/text_gateway/devname leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263111. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-4506 1Ruijie 27Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 FirmwareRg Uac 6000 E10c Firmware+24 more Aug 21, 2025 May 5, 2024 N/A· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability has been found in Ruijie RG-UAC up to 20240428 and classified as critical. This vulnerability affects unknown code of the file /view/IPV6/ipv6Addr/ip_addr_edit_commit.php. The manipulation of the argument...Show more A vulnerability has been found in Ruijie RG-UAC up to 20240428 and classified as critical. This vulnerability affects unknown code of the file /view/IPV6/ipv6Addr/ip_addr_edit_commit.php. The manipulation of the argument text_ip_addr/orgprelen/orgname leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263110 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-4505 1Ruijie 27Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 FirmwareRg Uac 6000 E10c Firmware+24 more Aug 21, 2025 May 5, 2024 N/A· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up to 20240428. This affects an unknown part of the file /view/IPV6/ipv6Addr/ip_addr_add_commit.php. The manipulation of the argument prelen/e...Show more A vulnerability, which was classified as critical, was found in Ruijie RG-UAC up to 20240428. This affects an unknown part of the file /view/IPV6/ipv6Addr/ip_addr_add_commit.php. The manipulation of the argument prelen/ethname leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263109 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-4504 1Ruijie 27Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 FirmwareRg Uac 6000 E10c Firmware+24 more Aug 21, 2025 May 5, 2024 N/A· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240428. Affected by this issue is some unknown functionality of the file /view/HAconfig/baseConfig/commit.php. The manipulation o...Show more A vulnerability, which was classified as critical, has been found in Ruijie RG-UAC up to 20240428. Affected by this issue is some unknown functionality of the file /view/HAconfig/baseConfig/commit.php. The manipulation of the argument peer_ip/local_ip leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263108. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-4503 1Ruijie 27Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 FirmwareRg Uac 6000 E10c Firmware+24 more Aug 21, 2025 May 5, 2024 N/A· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240428. Affected by this vulnerability is an unknown functionality of the file /view/dhcp/dhcpConfig/dhcp_relay_commit.php. The manipulation of th...Show more A vulnerability classified as critical was found in Ruijie RG-UAC up to 20240428. Affected by this vulnerability is an unknown functionality of the file /view/dhcp/dhcpConfig/dhcp_relay_commit.php. The manipulation of the argument interface_from leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263107. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2024-4502 1Ruijie 27Rg Uac 6000 Cc Firmware Rg Uac 6000 E10 FirmwareRg Uac 6000 E10c Firmware+24 more Aug 21, 2025 May 5, 2024 N/A· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240428. Affected is an unknown function of the file /view/dhcp/dhcpClient/dhcp_client_commit.php. The manipulation of the argument ifName lea...Show more A vulnerability classified as critical has been found in Ruijie RG-UAC up to 20240428. Affected is an unknown function of the file /view/dhcp/dhcpClient/dhcp_client_commit.php. The manipulation of the argument ifName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263106 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less

Previous 1...116117118...299 Next