Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,952)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-2030 1Paloaltonetworks 1Pan Os Nov 21, 2024 Jul 8, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts PAN-OS 8.1 versions earlier than...Show more An OS Command Injection vulnerability in the PAN-OS management interface that allows authenticated administrators to execute arbitrary OS commands with root privileges. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.15; and all versions of PAN-OS 7.1 and PAN-OS 8.0. This issue does not impact PAN-OS 9.0, PAN-OS 9.1, or Prisma Access services.Show less
CVE-2020-5352 1Dell 1Emc Data Protection Advisor Nov 21, 2024 Jul 6, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system.
CVE-2020-8188 1Ui 1Unifi Protect Firmware Nov 21, 2024 Jul 2, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13....Show more We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges.Show less
CVE-2020-15489 1Wavlink 1Wl Wn530hg4 Firmware Nov 21, 2024 Jul 1, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges.
CVE-2019-15311 1Linkplay 1Linkplay Nov 21, 2024 Jul 1, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp en...Show more An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple command execution vulnerabilities.Show less
CVE-2019-15310 1Linkplay 1Linkplay Nov 21, 2024 Jul 1, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Lin...Show more An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When combined with an OS command injection vulnerability within the XML Parsing logic of the firmware update process, an attacker would be able to gain code execution on any device that attempted to update. Note that by default all devices tested had automatic updates enabled.Show less
CVE-2020-7688 1Mversion Project 1Mversion Nov 21, 2024 Jul 1, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 The issue occurs because tagName user input is formatted inside the exec function is executed without any checks.
CVE-2020-13619 1Locutus 1Locutus Php Nov 21, 2024 Jul 1, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution.
CVE-2020-14947 1Factorfx 1Open Computer Software Inventory Next Generation Nov 21, 2024 Jun 30, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid.
CVE-2020-15415 1Draytek 3Vigor2960 Firmware Vigor300b FirmwareVigor3900 Firmware Nov 7, 2025 Jun 30, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type...Show more On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472.Show less
CVE-2020-15362 1Thingssdk 1Wifiscanner Nov 21, 2024 Jun 29, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to exec...Show more wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code.Show less
CVE-2020-14414 1Nedi 1Nedi Nov 21, 2024 Jun 29, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contain...Show more NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.)Show less
CVE-2020-14412 1Nedi 1Nedi Nov 21, 2024 Jun 29, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) th...Show more NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a psw parameter. (This can also be exploited via CSRF.)Show less
CVE-2020-14072 1Mk Auth 1Mk Auth Nov 21, 2024 Jun 29, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered in MK-AUTH 19.01. It allows command execution as root via shell metacharacters to /auth admin scripts.
CVE-2019-16213 1Tendacn 1Pa6 Firmware Nov 21, 2024 Jun 25, 2020 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an a...Show more Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted string, an attacker could modify the device name of an attached PLC adapter to inject and execute arbitrary commands on the system with root privileges.Show less
CVE-2020-13159 1Articatech 1Artica Proxy Nov 21, 2024 Jun 22, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818.
CVE-2019-14894 1Redhat 1Cloudforms Management Engine Nov 21, 2024 Jun 22, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console...Show more A flaw was found in the CloudForms management engine version 5.10 and CloudForms management version 5.11, which triggered remote code execution through NFS schedule backup. An attacker logged into the management console could use this flaw to execute arbitrary shell commands on the CloudForms server as root.Show less
CVE-2020-4066 1Limdu Project 1Limdu Nov 21, 2024 Jun 22, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 In Limdu before 0.95, the trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This...Show more In Limdu before 0.95, the trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This has been patched in 0.95.Show less
CVE-2020-14950 1Aapanel 1Aapanel Nov 21, 2024 Jun 21, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware S...Show more aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setting menu of Sotfware Store.Show less
CVE-2020-3336 1Cisco 2Roomos Telepresence Collaboration Endpoint Nov 21, 2024 Jun 18, 2020 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of...Show more A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. The vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending requests with malformed parameters to the system using the console, Secure Shell (SSH), or web API. A successful exploit could allow the attacker to modify the device configuration or cause a DoS.Show less

Previous 1...225226227...298 Next