CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Base · Stable · Likelihood: High

Description

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-15 · CAPEC-43 · CAPEC-6 · CAPEC-88

CVEs mapped to this weakness (2,292)

page 108 of 115
  • CVE-2019-10778 · Jan 8, 2020
    risk 0.00 · cvss · epss 0.03

    devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization.

  • CVE-2019-10776 · Jan 7, 2020
    risk 0.00 · cvss · epss 0.02

    In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2.

  • CVE-2019-10774 · Dec 30, 2019
    risk 0.00 · cvss · epss 0.05

    php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.

  • CVE-2019-15598 · Dec 18, 2019
    risk 0.00 · cvss · epss 0.03

    A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command.

  • CVE-2019-10773 · Dec 16, 2019
    risk 0.00 · cvss · epss 0.02

    In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set.

  • CVE-2019-8159 · Nov 6, 2019
    risk 0.00 · cvss · epss 0.03

    A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute arbitrary code through arbitrary file deletion and OS command injection.

  • CVE-2019-17625 · Oct 16, 2019
    risk 0.00 · cvss · epss 0.03

    There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for…

  • CVE-2019-15715 · Oct 9, 2019
    risk 0.00 · cvss · epss 0.30

    MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.

  • CVE-2019-10392 · Sep 12, 2019
    risk 0.00 · cvss · epss 0.26

    Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.

  • CVE-2019-5477 · Aug 16, 2019
    risk 0.00 · cvss · epss 0.06

    A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input…

  • CVE-2019-13574 · Jul 12, 2019
    risk 0.00 · cvss · epss 0.08

    In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command.

  • CVE-2019-10061 · Mar 26, 2019
    risk 0.00 · cvss · epss 0.04

    utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.

  • CVE-2018-6342 · Dec 31, 2018
    risk 0.00 · cvss · epss 0.03

    react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF…

  • CVE-2018-19907 · Dec 6, 2018
    risk 0.00 · cvss · epss 0.02

    A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library…

  • CVE-2018-1002101 · Dec 5, 2018
    risk 0.00 · cvss · epss 0.04

    In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.

  • CVE-2018-6353 · High · Jan 27, 2018
    risk 0.00 · cvss 7.8 · epss 0.00

    The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended…

  • CVE-2017-15108 · High · Jan 20, 2018
    risk 0.00 · cvss 7.8 · epss 0.00

    spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.

  • CVE-2015-8024 · Dec 2, 2015
    risk 0.00 · cvss · epss 0.03

    McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication…

  • CVE-2015-6380 · Nov 24, 2015
    risk 0.00 · cvss · epss 0.01

    An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622.

  • CVE-2015-6370 · Nov 19, 2015
    risk 0.00 · cvss · epss 0.00

    The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578.