Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,947)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-16718 1Radare 1Radare2 Nov 21, 2024 Sep 23, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the vi...Show more In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables.Show less
CVE-2019-15000 1Atlassian 1Bitbucket Nov 21, 2024 Sep 19, 2019 N/A· v4 9.8 CRITICAL· v3 6.8 MEDIUM· v2 The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1...Show more The commit diff rest endpoint in Bitbucket Server and Data Center before 5.16.10 (the fixed version for 5.16.x ), from 6.0.0 before 6.0.10 (the fixed version for 6.0.x), from 6.1.0 before 6.1.8 (the fixed version for 6.1.x), from 6.2.0 before 6.2.6 (the fixed version for 6.2.x), from 6.3.0 before 6.3.5 (the fixed version for 6.3.x), from 6.4.0 before 6.4.3 (the fixed version for 6.4.x), and from 6.5.0 before 6.5.2 (the fixed version for 6.5.x) allows remote attackers who have permission to access a repository, if public access is enabled for a project or repository then attackers are able to exploit this issue anonymously, to read the contents of arbitrary files on the system and execute commands via injecting additional arguments into git commands.Show less
CVE-2019-16057 1Dlink 1Dns 320 Firmware Nov 6, 2025 Sep 16, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.
CVE-2019-5485 1Gitlabhook Project 1Gitlabhook Nov 21, 2024 Sep 13, 2019 N/A· v4 10.0 CRITICAL· v3 10.0 HIGH· v2 NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.
CVE-2019-5315 1Arubanetworks 1Arubaos Nov 21, 2024 Sep 13, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could...Show more A command injection vulnerability is present in the web management interface of ArubaOS that permits an authenticated user to execute arbitrary commands on the underlying operating system. A malicious administrator could use this ability to install backdoors or change system configuration in a way that would not be logged. This vulnerability only affects ArubaOS 8.x.Show less
CVE-2019-16293 1Opmantek 1Open Audit Nov 21, 2024 Sep 13, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The Create Discoveries feature of Open-AudIT before 3.2.0 allows an authenticated attacker to execute arbitrary OS commands via a crafted value for a URL field.
CVE-2019-10392 1Jenkins 1Git Client Nov 21, 2024 Sep 12, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
CVE-2019-10669 1Librenms 1Librenms Nov 21, 2024 Sep 9, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string...Show more An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru().Show less
CVE-2019-10891 1Dlink 1Dir 806 Firmware Jan 9, 2025 Sep 6, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally allows remote attacke...Show more An issue was discovered in D-Link DIR-806 devices. There is a command injection in function hnap_main, which calls system() without checking the parameter that can be controlled by user, and finally allows remote attackers to execute arbitrary shell commands with a special HTTP header.Show less
CVE-2019-15029 1Fusionpbx 1Fusionpbx Nov 21, 2024 Sep 5, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command,...Show more FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service_edit.php file (which will insert the malicious command into the database). To trigger the command, one needs to call the services.php file via a GET request with the service id followed by the parameter a=start to execute the stored command.Show less
CVE-2019-15949 1Nagios 1Nagios Xi Nov 6, 2025 Sep 5, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downlo...Show more Nagios XI before 5.6.6 allows remote command execution as root. The exploit requires access to the server as the nagios user, or access as the admin user via the web interface. The getprofile.sh script, invoked by downloading a system profile (profile.php?cmd=download), is executed as root via a passwordless sudo entry; the script executes check_plugin, which is owned by the nagios user. A user logged into Nagios XI with permissions to modify plugins, or the nagios user on the server, can modify the check_plugin executable and insert malicious commands to execute as root.Show less
CVE-2019-5475 1Sonatype 1Nexus Repository Manager Nov 21, 2024 Sep 3, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
CVE-2019-11364 1Prophecyinternational 1Snare Central Nov 21, 2024 Aug 29, 2019 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 An OS Command Injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to inject arbitrary OS commands via the ServerConf/DataManagement/DiskManager.php FORMNAS_share parameter.
CVE-2019-15701 1Bloodhound Project 1Bloodhound Nov 21, 2024 Aug 27, 2019 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search function's autocomple...Show more components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search function's autocomplete feature is used. The victim must import data from an Active Directory with a GPO containing JavaScript in its name.Show less
CVE-2019-15503 1Altavoz 1Prontuscms Nov 21, 2024 Aug 26, 2019 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET...Show more cgi-cpn/xcoding/prontus_videocut.cgi in AltaVoz Prontus (aka ProntusCMS) through 12.0.3.0 has "Improper Neutralization of Special Elements used in an OS Command," allowing attackers to execute OS commands via an HTTP GET parameter.Show less
CVE-2019-1581 1Paloaltonetworks 1Pan Os Nov 21, 2024 Aug 23, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This is...Show more A remote code execution vulnerability in the PAN-OS SSH device management interface that can lead to unauthenticated remote users with network access to the SSH management interface gaining root access to PAN-OS. This issue affects PAN-OS 7.1 versions prior to 7.1.24-h1, 7.1.25; 8.0 versions prior to 8.0.19-h1, 8.0.20; 8.1 versions prior to 8.1.9-h4, 8.1.10; 9.0 versions prior to 9.0.3-h3, 9.0.4.Show less
CVE-2019-15530 1Dlink 1Dir 823g Firmware Nov 21, 2024 Aug 23, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the LoginPassword field to Login.
CVE-2019-15529 1Dlink 1Dir 823g Firmware Nov 21, 2024 Aug 23, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Username field to Login.
CVE-2019-15528 1Dlink 1Dir 823g Firmware Nov 21, 2024 Aug 23, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSetting...Show more An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the Interface field to SetStaticRouteSettings.Show less
CVE-2019-15527 1Dlink 1Dir 823g Firmware Nov 21, 2024 Aug 23, 2019 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 (exploitable with Authentication) via shell metacharacters in the MaxIdTime field to SetWanSettings.

Previous 1...247248249...298 Next