Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,964)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-27483 1Fortinet 2Fortianalyzer Fortimanager Nov 21, 2024 Jul 19, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 thro...Show more A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands.Show less
CVE-2022-33891 1Apache 1Spark Oct 23, 2025 Jul 18, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application...Show more The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1.Show less
CVE-2022-26482 1Poly 1Eagleeye Director Ii Firmware Nov 21, 2024 Jul 17, 2022 N/A· v4 7.2 HIGH· v3 N/A· v2 An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection can be achieved by an admin.
CVE-2022-26481 1Poly 4G7500 Firmware Studio X30 FirmwareStudio X50 Firmware+1 more Nov 21, 2024 Jul 17, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue was discovered in Poly Studio before 3.7.0. Command Injection can occur via the CN field of a Create Certificate Signing Request (CSR) action.
CVE-2022-32212 4Debian FedoraprojectNodejs+1 more 4Debian Linux FedoraNode.js+1 more Nov 21, 2024 Jul 14, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP addr...Show more A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.Show less
CVE-2022-28375 1Verizon 1Lvskihp Outdoorunit Firmware Nov 21, 2024 Jul 14, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can...Show more Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to achieve remote code execution as root,Show less
CVE-2022-28374 1Verizon 1Lvskihp Outdoorunit Firmware Nov 21, 2024 Jul 14, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on the loc...Show more Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/admin/settings.lua to achieve remote code execution as root.Show less
CVE-2022-28373 1Verizon 1Lvskihp Indoorunit Firmware Nov 21, 2024 Jul 14, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacke...Show more Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacker on the local network can inject shell metacharacters to achieve remote code execution as root.Show less
CVE-2022-34753 1Schneider Electric 1Spacelogic C Bus Home Controller Firmware Nov 21, 2024 Jul 13, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogi...Show more A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised. Affected Products: SpaceLogic C-Bus Home Controller (5200WHC2), formerly known as C-Bus Wiser Homer Controller MK2 (V1.31.460 and prior)Show less
CVE-2022-28888 1Spryker 1Cloud Commerce Nov 21, 2024 Jul 13, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Spryker Commerce OS 1.4.2 allows Remote Command Execution.
CVE-2022-22997 1Westerndigital 2My Cloud Home Duo Firmware My Cloud Home Firmware Nov 21, 2024 Jul 12, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices.
CVE-2021-36667 1Druva 1Insync Client Nov 21, 2024 Jul 12, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.system library.
CVE-2022-31138 1Mailcow 1Mailcow\ Nov 21, 2024 Jul 11, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited by manipulating the custom parameters regexmess, skipmess, regexflag, delete2foldersonly,...Show more mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited by manipulating the custom parameters regexmess, skipmess, regexflag, delete2foldersonly, delete2foldersbutnot, regextrans2, pipemess, or maxlinelengthcmd to execute arbitrary code. Users should update their mailcow instances with the `update.sh` script in the mailcow root directory to 2022-06a or newer to receive a patch for this issue. As a temporary workaround, the Syncjob ACL can be removed from all mailbox users, preventing changes to those settings.Show less
CVE-2022-31137 1Roxy Wi 1Roxy Wi Nov 21, 2024 Jul 8, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subproces...Show more Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2022-32054 1Tenda 1Ac10 Firmware Nov 21, 2024 Jul 7, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter.
CVE-2022-25048 1Control Webpanel 1Webpanel Nov 21, 2024 Jul 7, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user.
CVE-2022-34597 1Tenda 1Ax1806 Firmware Nov 21, 2024 Jul 6, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting.
CVE-2022-34596 1Tenda 1Ax1803 Firmware Nov 21, 2024 Jul 6, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting.
CVE-2022-34595 1Tenda 1Ax1803 Firmware Nov 21, 2024 Jul 6, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status.
CVE-2022-33948 1Kddi 1Home Spot Cube 2 Firmware Nov 21, 2024 Jul 4, 2022 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHC...Show more HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product.Show less

Previous 1...175176177...299 Next