VYPR

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Base · Stable · Likelihood: High

Description

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-15 · CAPEC-43 · CAPEC-6 · CAPEC-88

CVEs mapped to this weakness (2,292)

page 103 of 115
  • CVE-2020-28243 · Feb 27, 2021
    risk 0.00 · cvss · epss 0.04

    An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create files on the minion in a non-blacklisted directory.

  • CVE-2020-28490 · Feb 18, 2021
    risk 0.00 · cvss · epss 0.03

    The package async-git before 1.13.2 is vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb')

  • CVE-2021-21016 · Feb 11, 2021
    risk 0.00 · cvss · epss 0.05

    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to OS command injection via the WebAPI. Successful exploitation could lead to remote code execution by an authenticated attacker. Access to the admin console is required for…

  • CVE-2021-21015 · Feb 11, 2021
    risk 0.00 · cvss · epss 0.03

    Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an OS command injection via the customer attribute save controller. Successful exploitation could lead to arbitrary code execution by an authenticated attacker. Access to the…

  • CVE-2021-27185 · Feb 10, 2021
    risk 0.00 · cvss · epss 0.05

    The samba-client package before 4.0.0 for Node.js allows command injection because of the use of process.exec.

  • CVE-2020-7785 · Feb 8, 2021
    risk 0.00 · cvss · epss 0.02

    This affects all versions of package node-ps. The injection point is located in line 72 in lib/index.js.

  • CVE-2021-21289 · Feb 2, 2021
    risk 0.00 · cvss · epss 0.04

    Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes'…

  • CVE-2020-7775 · Feb 2, 2021
    risk 0.00 · cvss · epss 0.01

    This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js.

  • CVE-2020-28494 · Feb 2, 2021
    risk 0.00 · cvss · epss 0.02

    This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process.spawn. The issue occurs because child_process.spawn is called with the option…

  • CVE-2013-2512 · Jan 26, 2021
    risk 0.00 · cvss · epss 0.04

    The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.

  • CVE-2021-3291 · Jan 26, 2021
    risk 0.00 · cvss · epss 0.17

    Zen Cart 1.5.7b allows admins to execute arbitrary OS commands by inspecting an HTML radio input element (within the modules edit page) and inserting a command.

  • CVE-2021-3190 · Jan 21, 2021
    risk 0.00 · cvss · epss 0.05

    The async-git package before 1.13.2 for Node.js allows OS Command Injection via shell metacharacters, as demonstrated by git.reset and git.tag.

  • CVE-2020-35459 · Jan 12, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.

  • CVE-2020-7794 · Jan 8, 2021
    risk 0.00 · cvss · epss 0.02

    This affects all versions of package buns. The injection point is located in line 678 in index file lib/index.js in the exported function install(requestedModule).

  • CVE-2020-26294 · Jan 4, 2021
    risk 0.00 · cvss · epss 0.02

    Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In Vela compiler before version 0.6.1 there is a vulnerability which allows exposure of server configuration. It impacts all users of Vela. An attacker can use Sprig's `env`…

  • CVE-2020-28925 · Dec 30, 2020
    risk 0.00 · cvss · epss 0.01

    Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance.

  • CVE-2020-26284 · Dec 21, 2020
    risk 0.00 · cvss · epss 0.01

    Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's `os/exec` for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system `%PATH%` on Windows. In Hugo before version 0.79.1, if a malicious file with the…

  • CVE-2020-26274 · Dec 16, 2020
    risk 0.00 · cvss · epss 0.03

    In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation fix.

  • CVE-2020-7781 · Dec 16, 2020
    risk 0.00 · cvss · epss 0.02

    This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability:

  • CVE-2020-28439 · Dec 11, 2020
    risk 0.00 · cvss · epss 0.02

    This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC: