CWE-78
5,964 CVEs • Abstraction: Base • Likelihood of Exploit: High
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVEs (5,964)
| VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS | DESCRIPTION |
|---|---|---|---|---|---|
| Roar Pidusage Project (1) | Roar Pidusage (1) | Nov 21, 2024 | Apr 18, 2021 | v4: N/A; v3: 7.3 HIGH; v2: 7.5 HIGH | This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary comman... |
| Portkiller Project (1) | Portkiller (1) | Nov 21, 2024 | Apr 18, 2021 | v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH | This affects all versions of package portkiller. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without i... |
| | | | | | This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec fun... |
| Onion Oled Js Project (1) | Onion Oled Js (1) | Nov 21, 2024 | Apr 18, 2021 | v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH | This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process... |
| Ffmpegdotjs Project (1) | Ffmpegdotjs (1) | Nov 21, 2024 | Apr 18, 2021 | v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH | This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_proces... |
| | | | | | This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec fun... |
| Ps Visitor Project (1) | Ps Visitor (1) | Nov 21, 2024 | Apr 18, 2021 | v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH | This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec... |
| | | | | | A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vu... |
| Tendacn (1) | G1 Firmware, G3 Firmware (2) | Nov 21, 2024 | Apr 16, 2021 | v4: N/A; v3: 9.8 CRITICAL; v2: 10.0 HIGH | Command Injection in Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote attackers to execute arbitrary OS commands via a crafted "action/umountUSBPartition" request.... |
| Tendacn (1) | G0 Firmware, G1 Firmware, G3 Firmware (3) | Nov 21, 2024 | Apr 16, 2021 | v4: N/A; v3: 9.8 CRITICAL; v2: 10.0 HIGH | Command Injection in Tenda G0 routers with firmware versions v15.11.0.6(9039)_CN and v15.11.0.5(5876)_CN, and Tenda G1 and G3 routers with firmware versions v15.11.0.17(9502)_CN or v15.11.0.16(9024)_CN allows remote att... |
| | | | | | Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security... |
| Totolink (1) | A720r Firmware, X5000r Firmware (2) | Nov 21, 2024 | Apr 14, 2021 | v4: N/A; v3: 9.8 CRITICAL; v2: 10.0 HIGH | Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modif... |
| Totolink (1) | A720r Firmware, X5000r Firmware (2) | Nov 21, 2024 | Apr 14, 2021 | v4: N/A; v3: 9.8 CRITICAL; v2: 10.0 HIGH | Command Injection in TOTOLINK X5000R router with firmware v9.1.0u.6118_B20201102, and TOTOLINK A720R router with firmware v4.1.5cu.470_B20200911 allows remote attackers to execute arbitrary OS commands by sending a modif... |
| Netgear (1) | Br200 Firmware, Br500 Firmware, D7800 Firmware, +40 more (43) | Nov 21, 2024 | Apr 14, 2021 | v4: N/A; v3: 8.8 HIGH; v2: 8.3 HIGH | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The speci... |
| | | | | | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 v1.01rc001 Wi-Fi access points. Authentication is not required to exploit this vulnerability. Th... |
| | | | | | An issue was discovered in D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/addRouting route. This could lead to Command Inje... |
| Openclinic Ga Project (1) | Openclinic Ga (1) | Nov 21, 2024 | Apr 13, 2021 | v4: N/A; v3: 9.8 CRITICAL; v2: 10.0 HIGH | An exploitable unauthenticated command injection exists in the OpenClinic GA 5.173.3. Specially crafted web requests can cause commands to be executed on the server. An attacker can send a web request with parameters con... |
| Genexis (1) | Platinum 4410 Firmware (1) | Nov 21, 2024 | Apr 13, 2021 | v4: N/A; v3: 9.8 CRITICAL; v2: 7.5 HIGH | Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the sys_config_valid.xgi?exeshell=%60telnetd%20%26%60... |
| | | | | | An issue was discovered on D-Link DIR-802 A1 devices through 1.00b05. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Ta... |
| | | | | | Discord Recon Server is a bot that allows you to do your reconnaissance process from your Discord. Remote code execution in version 0.0.1 would allow remote users to execute commands on the server resulting in serious is... |