CWE-78
5,964 CVEs • Abstraction: Base • Likelihood of Exploit: High
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVEs (5,964)
| CVE | Vendors | Products | Updated | Published | CVSS | Description |
|---|---|---|---|---|---|---|
| | Arubanetworks | Clearpass Policy Manager | Nov 21, 2024 | May 16, 2022 | v4: N/A · v3: 9.1 CRITICAL · v2: 9.0 HIGH | An authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to C... |
| | Feminer Wms Project | Feminer Wms | Nov 21, 2024 | May 16, 2022 | v4: N/A · v3: 9.8 CRITICAL · v2: 7.5 HIGH | A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec. |
| | | | | | | Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. When the user opens the terminal or activates Anac... |
| | Inhandnetworks | Ir302 Firmware | Nov 21, 2024 | May 12, 2022 | v4: N/A · v3: 8.8 HIGH · v2: 6.5 MEDIUM | An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacke... |
| | | | | | | An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attack... |
| | Inhandnetworks | Ir302 Firmware | Nov 21, 2024 | May 12, 2022 | v4: N/A · v3: 8.8 HIGH · v2: 6.5 MEDIUM | An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an... |
| | | | | | | An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attack... |
| | Inhandnetworks | Ir302 Firmware | Nov 21, 2024 | May 12, 2022 | v4: N/A · v3: 8.8 HIGH · v2: 6.5 MEDIUM | An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send... |
| | | | | | | An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence... |
| | Contec | Sv Cpt Mc310 Firmware | Nov 3, 2025 | May 12, 2022 | v4: N/A · v3: 9.8 CRITICAL · v2: 10.0 HIGH | SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php. |
| | | | | | | resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an... |
| | Zyxel | Atp100 Firmware, Atp100w Firmware, Atp200 Firmware, +13 more | Oct 27, 2025 | May 12, 2022 | v4: N/A · v3: 9.8 CRITICAL · v2: 10.0 HIGH | An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00... |
| | Checkpoint | Gaia Os, Gaia Portal | Nov 21, 2024 | May 11, 2022 | v4: N/A · v3: 6.7 MEDIUM · v2: 6.9 MEDIUM | The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS. |
| | Ibm | Infosphere Information Server On Cloud | Nov 21, 2024 | May 10, 2022 | v4: N/A · v3: 7.8 HIGH · v2: 7.2 HIGH | IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. |
| | | | | | | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. |
| | | | | | | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting. |