Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

CVEs (5,893)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-10902 1Princeton 1Ptw Wms1 Firmware May 13, 2026 Dec 1, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2017-1000159 1Gnome 1Evince May 13, 2026 Nov 27, 2017 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Command injection in evince via filename when printing to PDF. This affects versions earlier than 3.25.91.
CVE-2017-1000214 1Gitphp Project 1Gitphp May 13, 2026 Nov 27, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 GitPHP by xiphux is vulnerable to OS Command Injections
CVE-2017-16960 1Tp Link 54Tl Er3210g Firmware Tl Er3220g FirmwareTl Er5110g Firmware+51 more May 13, 2026 Nov 27, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the...Show more TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/interface command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/interface.lua in uhttpd.Show less
CVE-2017-16958 1Tp Link 51Tl Er3210g Firmware Tl Er3220g FirmwareTl Er5110g Firmware+48 more May 13, 2026 Nov 27, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get...Show more TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd.Show less
CVE-2017-16957 1Tp Link 51Tl Er3210g Firmware Tl Er3220g FirmwareTl Er5110g Firmware+48 more May 13, 2026 Nov 27, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zo...Show more TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the iface field of an admin/diagnostic command to cgi-bin/luci, related to the zone_get_effect_devices function in /usr/lib/lua/luci/controller/admin/diagnostic.lua in uhttpd.Show less
CVE-2017-16934 1Dbltek 1Web Server May 13, 2026 Nov 24, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Ba...Show more The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp request, which supports a "<%%25call system.exec:" string in the passwd parameter.Show less
CVE-2017-16926 1Ohcount Project 1Ohcount May 13, 2026 Nov 22, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary c...Show more Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount.Show less
CVE-2017-16923 1Tenda 3Ac15 Firmware Ac18 FirmwareAc9 Firmware May 13, 2026 Nov 21, 2017 N/A· v4 8.8 HIGH· v3 8.3 HIGH· v2 Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.1...Show more Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the "sub_A6E8 usbeject_process_entry" function executes a system function with untrusted input.Show less
CVE-2017-1000215 1Xrootd 1Xrootd May 13, 2026 Nov 17, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution
CVE-2017-1000203 1Cern 1Root May 13, 2026 Nov 17, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution
CVE-2017-1000235 1Scilico 1I, Librarian Dec 5, 2025 Nov 17, 2017 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised.
CVE-2017-1000220 1Pidusage Project 1Pidusage May 13, 2026 Nov 17, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module resulting in arbitrary command execution
CVE-2017-1000219 1Windows Cpu Project 1Windows Cpu May 13, 2026 Nov 17, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 npm/KyleRoss windows-cpu all versions vulnerable to command injection resulting in code execution as Node.js user
CVE-2017-12305 1Cisco 1Ip Phone 8800 Series Firmware May 13, 2026 Nov 16, 2017 N/A· v4 6.7 MEDIUM· v3 7.2 HIGH· v2 A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient...Show more A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034.Show less
CVE-2017-12636 1Apache 1Couchdb May 13, 2026 Nov 14, 2017 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an ad...Show more CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet.Show less
CVE-2017-1453 1Ibm 1Security Access Manager 9.0 Firmware May 13, 2026 Nov 13, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to...Show more IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 128372.Show less
CVE-2017-16667 1Backintime Project 1Backintime May 13, 2026 Nov 8, 2017 N/A· v4 7.8 HIGH· v3 9.3 HIGH· v2 backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.sy...Show more backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.Show less
CVE-2017-16641 1Cacti 1Cacti May 13, 2026 Nov 7, 2017 N/A· v4 7.2 HIGH· v3 9.0 HIGH· v2 lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
CVE-2017-2917 1Meetcircle 1Circle With Disney Firmware May 13, 2026 Nov 7, 2017 N/A· v4 8.8 HIGH· v3 9.0 HIGH· v2 An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP reque...Show more An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability.Show less

Previous 1...276277278...295 Next