Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,964)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-45741 1Buffalo 1Vr S1000 Firmware Nov 21, 2024 Dec 26, 2023 N/A· v4 6.8 MEDIUM· v3 N/A· v2 VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands.
CVE-2022-39818 1Nokia 1Network Functions Manager For Transport Nov 21, 2024 Dec 25, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privilege...Show more In NOKIA NFM-T R19.9, an OS Command Injection vulnerability occurs in /cgi-bin/R19.9/log.pl of the VM Manager WebUI via the cmd HTTP GET parameter. This allows authenticated users to execute commands, with root privileges, on the operating system.Show less
CVE-2023-7093 1Kylinos 1Kylin System Updater Nov 21, 2024 Dec 25, 2023 N/A· v4 7.8 HIGH· v3 4.3 MEDIUM· v2 A vulnerability classified as critical has been found in KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33. Affected is an unknown function of the file /usr/share/kylin-system-updater/SystemUpdater/UpgradeStrategiesDb...Show more A vulnerability classified as critical has been found in KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33. Affected is an unknown function of the file /usr/share/kylin-system-updater/SystemUpdater/UpgradeStrategiesDbus.py of the component com.kylin.systemupgrade Service. The manipulation of the argument SetDownloadspeedMax leads to os command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248940. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-7002 1Backupbliss 1Backup Migration Apr 8, 2026 Dec 23, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-...Show more The Backup Migration plugin for WordPress is vulnerable to OS Command Injection in all versions up to, and including, 1.3.9 via the 'url' parameter. This vulnerability allows authenticated attackers, with administrator-level permissions and above, to execute arbitrary commands on the host operating system.Show less
CVE-2023-51035 1Totolink 1Ex1200l Firmware Nov 21, 2024 Dec 22, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface.
CVE-2023-51033 1Totolink 1Ex1200l Firmware Nov 21, 2024 Dec 22, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOlink EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution via the cstecgi.cgi setOpModeCfg interface.
CVE-2023-50147 1Totolink 1A3700r Firmware Nov 21, 2024 Dec 22, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 There is an arbitrary command execution vulnerability in the setDiagnosisCfg function of the cstecgi .cgi of the TOTOlink A3700R router device in its firmware version V9.1.2u.5822_B20200513.
CVE-2023-51028 1Totolink 1Ex1800t Firmware Nov 21, 2024 Dec 22, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 TOTOLINK EX1800T 9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the apcliChannel parameter of the setWiFiExtenderConfig interface of the cstecgi.cgi.
CVE-2023-50993 1Ruijie 2Rg Ws6008 Firmware Rg Ws6108 Firmware Nov 21, 2024 Dec 20, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Ruijie WS6008 v1.x v2.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 and WS6108 v1.x AC_RGOS11.9(6)W3B2_G2C6-01_10221911 was discovered to contain a command injection vulnerability via the function downFiles.
CVE-2023-35895 1Ibm 1Informix Jdbc Nov 21, 2024 Dec 20, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 259116.
CVE-2023-0011 1U Blox 5Toby L200 Firmware Toby L201 FirmwareToby L210 Firmware+2 more Nov 21, 2024 Dec 20, 2023 N/A· v4 6.8 MEDIUM· v3 N/A· v2 A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. This vulnerability requires physical access to the serial interface of the mo...Show more A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. This vulnerability requires physical access to the serial interface of the module or the ability to modify the system or software which uses its serial interface to send malicious AT commands. Exploitation of the vulnerability gives full administrative (root) privileges to the attacker to execute any operating system command on TOBY-L2 which can lead to modification of the behavior of the module itself as well as the components connected with it (depending on its rights on other connected systems). It can further provide the ability to read system level files and hamper the availability of the module as well.. This issue affects TOBY-L2 series: TOBY-L200, TOBY-L201, TOBY-L210, TOBY-L220, TOBY-L280. Show less
CVE-2023-50466 1Weintek 1Cmt2078x Firmware Nov 21, 2024 Dec 19, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload int...Show more An authenticated command injection vulnerability in Weintek cMT2078X easyweb Web Version v2.1.3, OS v20220215 allows attackers to execute arbitrary code or access sensitive information via injecting a crafted payload into the HMI Name parameter.Show less
CVE-2019-25158 1Pedroetb 1Tts Api Nov 21, 2024 Dec 19, 2023 N/A· v4 9.8 CRITICAL· v3 5.2 MEDIUM· v2 A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection. Upgradin...Show more A vulnerability has been found in pedroetb tts-api up to 2.1.4 and classified as critical. This vulnerability affects the function onSpeechDone of the file app.js. The manipulation leads to os command injection. Upgrading to version 2.2.0 is able to address this issue. The patch is identified as 29d9c25415911ea2f8b6de247cb5c4607d13d434. It is recommended to upgrade the affected component. VDB-248278 is the identifier assigned to this vulnerability.Show less
CVE-2023-51385 2Debian Openbsd 2Debian Linux Openssh May 12, 2026 Dec 18, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git...Show more In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.Show less
CVE-2023-6901 1Codelyfe 1Stupid Simple Cms Nov 21, 2024 Dec 17, 2023 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. Th...Show more A vulnerability, which was classified as critical, was found in codelyfe Stupid Simple CMS up to 1.2.3. This affects an unknown part of the file /terminal/handle-command.php of the component HTTP POST Request Handler. The manipulation of the argument command with the input whoami leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248259.Show less
CVE-2023-6895 1Hikvision 1Intercom Broadcast System Nov 21, 2024 Dec 17, 2023 N/A· v4 9.8 CRITICAL· v3 5.8 MEDIUM· v2 A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of th...Show more A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.Show less
CVE-2021-42796 1Aveva 1Edge Nov 21, 2024 Dec 16, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in ExecuteCommand() in AVEVA Edge (formerly InduSoft Web Studio) versions R2020 and prior that allows unauthenticated arbitrary commands to be executed.
CVE-2023-48380 1Softnext 1Mail Sqr Expert Nov 21, 2024 Dec 15, 2023 N/A· v4 8.0 HIGH· v3 N/A· v2 Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to...Show more Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. A remote attacker authenticated as a localhost can exploit this vulnerability to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.Show less
CVE-2023-48668 1Dell 1Powerprotect Data Domain Management Center Nov 21, 2024 Dec 14, 2023 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially e...Show more Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 on DDMC contain an OS command injection vulnerability in an admin operation. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the managed system application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker on a managed system of DDMC. Show less
CVE-2023-48667 1Dell 5Apex Protection Storage Emc Data Domain OsPowerprotect Data Domain+2 more Nov 21, 2024 Dec 14, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit t...Show more Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an OS command injection vulnerability in administrator CLI. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS to bypass security restriction. Exploitation may lead to a system take over by an attacker. Show less

Previous 1...132133134...299 Next