CWE-78
5,953 CVEs • Abstraction: Base • Likelihood of Exploit: High
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVEs (5,953)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise. |
1Cisco 1Data Center Network Manager Nov 21, 2024 Jul 31, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to inject arbitrary commands on the affected device. The vulnerability is due to...Show more |
An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell meta...Show more |
Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell metacharacters after an IP address). |
1Grandstream 6Ht801 Firmware Ht802 FirmwareHt812 Firmware+3 moreNov 21, 2024 Jul 29, 2020 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configura...Show more |
This affects the package Gerapy from 0 and before 0.9.3. The input being passed to Popen, via the project_configure endpoint, isn’t being sanitized. |
1Control Webpanel 1Webpanel Nov 21, 2024 Jul 28, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists...Show more |
1Control Webpanel 1Webpanel Nov 21, 2024 Jul 28, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists...Show more |
1Control Webpanel 1Webpanel Nov 21, 2024 Jul 28, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists...Show more |
1Control Webpanel 1Webpanel Nov 21, 2024 Jul 28, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists...Show more |
1Control Webpanel 1Webpanel Nov 21, 2024 Jul 28, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists...Show more |
1Control Webpanel 1Webpanel Nov 21, 2024 Jul 28, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists...Show more |
1Centos Webpanel 1Centos Web Panel Nov 21, 2024 Jul 28, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists...Show more |
1Control Webpanel 1Webpanel Nov 21, 2024 Jul 28, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists...Show more |
1Control Webpanel 1Webpanel Nov 21, 2024 Jul 28, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists...Show more |
1Control Webpanel 1Webpanel Nov 21, 2024 Jul 28, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists...Show more |
1Control Webpanel 1Webpanel Nov 21, 2024 Jul 28, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists...Show more |
1Control Webpanel 1Webpanel Nov 21, 2024 Jul 28, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists...Show more |
1Control Webpanel 1Webpanel Nov 21, 2024 Jul 28, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists...Show more |
1Control Webpanel 1Webpanel Nov 21, 2024 Jul 28, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists...Show more |