Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,964)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-30329 1Trendnet 1Tew 831dr Firmware Nov 21, 2024 Jun 16, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection vulnerability exists within the web interface, allowing an attacker with valid credentials to execute arbitrary shell commands.
CVE-2022-30023 1Tenda 1Hg9 Firmware Nov 21, 2024 Jun 16, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.
CVE-2022-33140 1Apache 2Nifi Nifi Registry Nov 21, 2024 Jun 15, 2022 N/A· v4 8.8 HIGH· v3 6.0 MEDIUM· v2 The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on...Show more The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments.Show less
CVE-2022-31311 1Wavlink 1Aerial X 1200m Firmware Nov 21, 2024 Jun 14, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request.
CVE-2022-31446 1Tendacn 1Ac18 Firmware Nov 21, 2024 Jun 14, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.
CVE-2022-30311 1Festo 8Controller Cecc X M1 Mv S1 Firmware Controller Cecc X M1 Mv FirmwareController Cecc X M1 Y Yjkp Firmware+5 more Nov 21, 2024 Jun 13, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with...Show more In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.Show less
CVE-2022-30310 1Festo 8Controller Cecc X M1 Mv S1 Firmware Controller Cecc X M1 Mv FirmwareController Cecc X M1 Y Yjkp Firmware+5 more Nov 21, 2024 Jun 13, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with...Show more In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.Show less
CVE-2022-30309 1Festo 8Controller Cecc X M1 Mv S1 Firmware Controller Cecc X M1 Mv FirmwareController Cecc X M1 Y Yjkp Firmware+5 more Nov 21, 2024 Jun 13, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system command...Show more In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.Show less
CVE-2022-30308 1Festo 8Controller Cecc X M1 Mv S1 Firmware Controller Cecc X M1 Mv FirmwareController Cecc X M1 Y Yjkp Firmware+5 more Nov 21, 2024 Jun 13, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands...Show more In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection.Show less
CVE-2021-41738 1Zeroshell 1Zeroshell Nov 21, 2024 Jun 11, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands.
CVE-2022-1986 1Gogs 1Gogs Nov 21, 2024 Jun 9, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.
CVE-2019-25066 1Ajenti 1Ajenti Nov 21, 2024 Jun 9, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remote...Show more A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component.Show less
CVE-2019-25065 1Opennetadmin 1Opennetadmin Nov 21, 2024 Jun 9, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to privilege escalation. The attack may be launched remotely....Show more A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2022-29013 1Razer 1Sila Firmware Nov 21, 2024 Jun 9, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.
CVE-2022-1703 1Sonicwall 3Sma 210 Firmware Sma 410 FirmwareSma 500v Firmware Nov 21, 2024 Jun 8, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vul...Show more Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.Show less
CVE-2022-24065 2Cookiecutter Project Fedoraproject 2Cookiecutter Fedora Nov 21, 2024 Jun 8, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout co...Show more The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection.Show less
CVE-2021-35531 1Hitachienergy 1Txpert Hub Coretec 4 Firmware Nov 21, 2024 Jun 7, 2022 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights...Show more Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1.Show less
CVE-2022-31486 2Carrier Hidglobal 14Ep4502 Firmware Lenels2 Lnl 4420 FirmwareLenels2 Lnl X2210 Firmware+11 more Nov 21, 2024 Jun 6, 2022 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1...Show more An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable.Show less
CVE-2022-31479 2Carrier Hidglobal 14Ep4502 Firmware Lenels2 Lnl 4420 FirmwareLenels2 Lnl X2210 Firmware+11 more Nov 21, 2024 Jun 6, 2022 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mer...Show more An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem.Show less
CVE-2021-42890 1Totolink 1Ex1200t Firmware Nov 21, 2024 Jun 3, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack.

Previous 1...177178179...299 Next