Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,964)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-21809 1Moodle 1Moodle Nov 21, 2024 Jun 23, 2021 N/A· v4 9.1 CRITICAL· v3 9.0 HIGH· v2 A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges...Show more A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.Show less
CVE-2021-31769 1Myq Solution 1Myq Server Nov 21, 2024 Jun 21, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature i...Show more MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component.Show less
CVE-2020-25755 1Enphase 1Envoy Firmware Nov 21, 2024 Jun 16, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force par...Show more An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter.Show less
CVE-2021-32682 1Std42 1Elfinder Nov 21, 2024 Jun 14, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands o...Show more elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed without authentication.Show less
CVE-2021-32556 1Canonical 1Apport Nov 21, 2024 Jun 12, 2021 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 It was discovered that the get_modified_conffiles() function in backends/packaging-apt-dpkg.py allowed injecting modified package names in a manner that would confuse the dpkg(1) call.
CVE-2021-33358 1Raspap 1Raspap Nov 21, 2024 Jun 9, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables a...Show more Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS commands.Show less
CVE-2021-33357 1Raspap 1Raspap Nov 21, 2024 Jun 9, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated att...Show more A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS commands.Show less
CVE-2021-33841 1Circutor 1Sge Plc1000 Firmware Nov 21, 2024 Jun 9, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject code into the operating system with maximum privileges.
CVE-2021-20731 1Buffalo 2Wsr 1166dhp3 Firmware Wsr 1166dhp4 Firmware Nov 21, 2024 Jun 9, 2021 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors.
CVE-2021-26472 1Vembu 2Bdr Suite Offsite Dr Nov 21, 2024 Jun 8, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary O...Show more In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.Show less
CVE-2021-32673 1Reg Keygen Git Hash Project 1Reg Keygen Git Hash Nov 21, 2024 Jun 8, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary...Show more reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including 0.10.15 allow remote attackers to execute of arbitrary commands. Upgrade to version 0.10.16 or later to resolve this issue.Show less
CVE-2021-28811 1Roonlabs 1Roon Server Nov 21, 2024 Jun 8, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. Roon Labs has already fixed this vulnerability in the following versions: Roon Server 2021-05-18 and later
CVE-2021-1538 1Cisco 1Common Services Platform Collector Nov 21, 2024 Jun 4, 2021 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitiz...Show more A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by logging in as a super admin and entering crafted input to configuration options on the CSPC configuration dashboard. A successful exploit could allow the attacker to execute remote code as root.Show less
CVE-2021-24023 1Fortinet 1Fortiai Firmware Nov 21, 2024 Jun 3, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An improper input validation in FortiAI v1.4.0 and earlier may allow an authenticated user to gain system shell access via a malicious payload in the "diagnose" command.
CVE-2021-28812 1Qnap 1Video Station Nov 21, 2024 Jun 3, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems In...Show more A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5.4 on QuTS hero h4.5.2; versions prior to 5.5.4 on QuTScloud c4.5.4. This issue does not affect: QNAP Systems Inc. Video Station on QTS 4.3.6; on QTS 4.3.3.Show less
CVE-2021-22123 1Fortinet 1Fortiweb Nov 21, 2024 Jun 1, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the...Show more An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page.Show less
CVE-2020-26670 1Bigtreecms 1Bigtree Cms Nov 21, 2024 Jun 1, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' funct...Show more A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to execute arbitrary commands through a crafted request sent to the server via the 'Create a New Setting' function.Show less
CVE-2021-3515 12ndquadrant 1Pglogical Nov 21, 2024 Jun 1, 2021 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as t...Show more A shell injection flaw was found in pglogical in versions before 2.3.4 and before 3.6.26. An attacker with CREATEDB privileges on a PostgreSQL server can craft a database name that allows execution of shell commands as the postgresql user when calling pglogical.create_subscription().Show less
CVE-2021-24312 1Automattic 1Wp Super Cache Nov 21, 2024 Jun 1, 2021 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they...Show more The parameters $cache_path, $wp_cache_debug_ip, $wp_super_cache_front_page_text, $cache_scheduled_time, $cached_direct_pages used in the settings of WP Super Cache WordPress plugin before 1.7.3 result in RCE because they allow input of '$' and '\n'. This is due to an incomplete fix of CVE-2021-24209.Show less
CVE-2021-20026 1Sonicwall 1Network Security Manager Nov 21, 2024 May 27, 2021 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions.

Previous 1...203204205...299 Next