Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,964)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-30806 1Sangfor 1Next Gen Application Firewall Nov 22, 2025 Oct 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted...Show more The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie.Show less
CVE-2023-30805 1Sangfor 1Next Gen Application Firewall Nov 28, 2025 Oct 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted...Show more The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the "un" parameter.Show less
CVE-2023-26153 1Geokit 1Geokit Rails Nov 21, 2024 Oct 6, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie va...Show more Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value. Note: An attacker can use this vulnerability to execute commands on the host system.Show less
CVE-2023-4401 1Dell 1Smartfabric Storage Software Nov 21, 2024 Oct 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerabi...Show more Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access. Show less
CVE-2023-43069 1Dell 1Smartfabric Storage Software Nov 21, 2024 Oct 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injecti...Show more Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker. Show less
CVE-2023-43068 1Dell 1Smartfabric Storage Software Nov 21, 2024 Oct 5, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading...Show more Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands. Show less
CVE-2023-36618 1Unify 1Session Border Controller Nov 21, 2024 Oct 4, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users.
CVE-2023-33273 1Dts 1Monitoring Nov 21, 2024 Oct 3, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection (blind).
CVE-2023-33272 1Dts 1Monitoring Nov 21, 2024 Oct 3, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in DTS Monitoring 3.57.0. The parameter ip within the Ping check function is vulnerable to OS command injection (blind).
CVE-2023-33271 1Dts 1Monitoring Nov 21, 2024 Oct 3, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in DTS Monitoring 3.57.0. The parameter common_name within the SSL Certificate check function is vulnerable to OS command injection (blind).
CVE-2023-33270 1Dts 1Monitoring Nov 21, 2024 Oct 3, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection (blind).
CVE-2023-33269 1Dts 1Monitoring Nov 21, 2024 Oct 3, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind).
CVE-2023-33268 1Dts 1Monitoring Nov 21, 2024 Oct 3, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in DTS Monitoring 3.57.0. The parameter port within the SSL Certificate check function is vulnerable to OS command injection (blind).
CVE-2023-39222 1Furunosystems 14Acera 1010 Firmware Acera 1020 FirmwareAcera 1110 Firmware+11 more Nov 21, 2024 Oct 3, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending...Show more OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. Affected products and versions are as follows: ACERA 1320 firmware ver.01.26 and earlier, ACERA 1310 firmware ver.01.26 and earlier, ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.Show less
CVE-2023-43893 1Netis Systems 1N3m Firmware Nov 21, 2024 Oct 2, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload.
CVE-2023-43892 1Netis Systems 1N3m Firmware Apr 4, 2025 Oct 2, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload.
CVE-2023-43890 1Netis Systems 1N3m Firmware Nov 21, 2024 Oct 2, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request.
CVE-2023-5301 1Dedecms 1Dedecms Nov 21, 2024 Sep 30, 2023 N/A· v4 8.8 HIGH· v3 5.8 MEDIUM· v2 A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command inj...Show more A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240940.Show less
CVE-2023-26145 1Derrickgilland 1Pydash Nov 21, 2024 Sep 28, 2023 N/A· v4 8.1 HIGH· v3 N/A· v2 This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to target a nested Python o...Show more This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. These paths can be used to target internal class attributes and dict items, to retrieve, modify or invoke nested Python objects. Note: The pydash.objects.invoke() method is vulnerable to Command Injection when the following prerequisites are satisfied: 1) The source object (argument 1) is not a built-in object such as list/dict (otherwise, the __init__.__globals__ path is not accessible) 2) The attacker has control over argument 2 (the path string) and argument 3 (the argument to pass to the invoked method) The pydash.collections.invoke_map() method is also vulnerable, but is harder to exploit as the attacker does not have direct control over the argument to be passed to the invoked function.Show less
CVE-2023-44080 1Pgyer 1Codefever Nov 21, 2024 Sep 27, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component.

Previous 1...139140141...299 Next