Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,953)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-3457 1Cisco 3Adaptive Security Appliance Software Firepower Extensible Operating SystemFirepower Threat Defense Nov 21, 2024 Oct 21, 2020 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validatio...Show more A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.Show less
CVE-2020-5791 1Nagios 1Nagios Xi Nov 21, 2024 Oct 20, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
CVE-2020-13778 1Rconfig 1Rconfig Nov 21, 2024 Oct 19, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php.
CVE-2020-14144 1Gitea 1Gitea Nov 21, 2024 Oct 16, 2020 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of...Show more The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states "This is a functionality of the software that is limited to a very limited subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides.Show less
CVE-2020-25859 1Qualcomm 1Qcmap Nov 21, 2024 Oct 15, 2020 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. A local attacker with she...Show more The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system() call without validating the input, while handling a SetGatewayUrl() request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAP_CLI can be run via sudo or setuid, this also allows elevating privileges to root. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers.Show less
CVE-2020-6364 1Sap 1Introscope Enterprise Manager Nov 21, 2024 Oct 15, 2020 N/A· v4 10.0 CRITICAL· v3 10.0 HIGH· v2 SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over...Show more SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability.Show less
CVE-2020-17406 1Microhardcorp 1Bullet Lte Firmware Nov 21, 2024 Oct 13, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw ex...Show more This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microhard Bullet-LTE prior to v1.2.0-r1112. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the ping parameter provided to tools.sh. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-10595.Show less
CVE-2020-3602 1Cisco 1Staros Nov 21, 2024 Oct 8, 2020 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insuffic...Show more A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user on the affected device. To exploit this vulnerability, an attacker would need to have valid credentials on an affected device and know the password for the cli test-commands command.Show less
CVE-2020-3601 1Cisco 1Staros Nov 21, 2024 Oct 8, 2020 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insuffic...Show more A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. The vulnerability is due to insufficient input validation of CLI commands. An attacker could exploit this vulnerability by sending crafted commands to the CLI. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the root user. To exploit this vulnerability, an attacker would need to have valid administrative credentials on an affected device.Show less
CVE-2020-26582 1Dlink 1Dap 1360u Firmware Nov 21, 2024 Oct 6, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18).
CVE-2020-14293 1Secudos 1Domos Nov 21, 2024 Oct 2, 2020 N/A· v4 7.5 HIGH· v3 8.5 HIGH· v2 conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface).
CVE-2020-12124 1Wavlink 1Wn530h4 Firmware Nov 21, 2024 Oct 2, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.
CVE-2020-7735 1Ng Packagr Project 1Ng Packagr Nov 21, 2024 Sep 25, 2020 N/A· v4 6.6 MEDIUM· v3 6.5 MEDIUM· v2 The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.
CVE-2020-25223 1Sophos 1Unified Threat Management Nov 7, 2025 Sep 25, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
CVE-2020-3417 1Cisco 1Ios Xe Nov 21, 2024 Sep 24, 2020 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scrip...Show more A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating system (OS) and setting a specific ROMMON variable. A successful exploit could allow the attacker to execute persistent code on the underlying OS. To exploit this vulnerability, the attacker would need access to the root shell on the device or have physical access to the device.Show less
CVE-2020-3403 1Cisco 1Ios Xe Nov 21, 2024 Sep 24, 2020 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the d...Show more A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC permissions on the device. The vulnerability is due to insufficient protection of values passed to a script that executes during device startup. An attacker could exploit this vulnerability by writing values to a specific file. A successful exploit could allow the attacker to execute commands with root privileges each time the affected device is restarted.Show less
CVE-2020-24365 1Gemteks 2Wrtm 127acn Firmware Wrtm 127x9 Firmware Nov 21, 2024 Sep 24, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Co...Show more An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.)Show less
CVE-2020-16148 1Telmat 3Accesslog Firmware Educ@box FirmwareGit@box Firmware Nov 21, 2024 Sep 24, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 The ping page of the administration panel in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via authenticated code injection over the network.
CVE-2020-16147 1Telmat 3Accesslog Firmware Educ@box FirmwareGit@box Firmware Nov 21, 2024 Sep 24, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via Unauthenticated code injection over the network.
CVE-2020-11699 1Titanhq 1Spamtitan Nov 21, 2024 Sep 17, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated be...Show more An issue was discovered in Titan SpamTitan 7.07. Improper validation of the parameter fname on the page certs-x.php would allow an attacker to execute remote code on the target server. The user has to be authenticated before interacting with this page.Show less

Previous 1...219220221...298 Next