CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Description
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-15 · CAPEC-43 · CAPEC-6 · CAPEC-88
CVEs mapped to this weakness (2,292)
page 108 of 115| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-10778 | — | 0.00 | — | 0.03 | Jan 8, 2020 | devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization. | ||
| CVE-2019-10776 | — | 0.00 | — | 0.02 | Jan 7, 2020 | In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2. | ||
| CVE-2019-10774 | — | 0.00 | — | 0.05 | Dec 30, 2019 | php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | ||
| CVE-2019-15598 | — | 0.00 | — | 0.03 | Dec 18, 2019 | A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command. | ||
| CVE-2019-10773 | — | 0.00 | — | 0.02 | Dec 16, 2019 | In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set. | ||
| CVE-2019-8159 | 0.00 | — | 0.03 | Nov 6, 2019 | A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute aribitrary code through arbitrary file deletion and OS command injection. | |||
| CVE-2019-17625 | — | 0.00 | — | 0.03 | Oct 16, 2019 | There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for… | ||
| CVE-2019-15715 | — | 0.00 | — | 0.30 | Oct 9, 2019 | MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution. | ||
| CVE-2019-10392 | 0.00 | — | 0.26 | Sep 12, 2019 | Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection. | |||
| CVE-2019-5477 | 0.00 | — | 0.06 | Aug 16, 2019 | A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input… | |||
| CVE-2019-13574 | — | 0.00 | — | 0.08 | Jul 12, 2019 | In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command. | ||
| CVE-2019-10061 | 0.00 | — | 0.04 | Mar 26, 2019 | utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands. | |||
| CVE-2018-6342 | 0.00 | — | 0.03 | Dec 31, 2018 | react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF… | |||
| CVE-2018-19907 | — | 0.00 | — | 0.02 | Dec 6, 2018 | A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library… | ||
| CVE-2018-1002101 | 0.00 | — | 0.04 | Dec 5, 2018 | In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection. | |||
| CVE-2018-6353 | Hig | 0.00 | 7.8 | 0.00 | Jan 27, 2018 | The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended… | ||
| CVE-2017-15108 | Hig | 0.00 | 7.8 | 0.00 | Jan 20, 2018 | spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed. | ||
| CVE-2015-8024 | 0.00 | — | 0.03 | Dec 2, 2015 | McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication… | |||
| CVE-2015-6380 | 0.00 | — | 0.01 | Nov 24, 2015 | An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622. | |||
| CVE-2015-6370 | 0.00 | — | 0.00 | Nov 19, 2015 | The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578. |
- CVE-2019-10778Jan 8, 2020risk 0.00cvss —epss 0.03
devcert-sanscache before 0.4.7 allows remote attackers to execute arbitrary code or cause a Command Injection via the exec function. The variable `commonName` controlled by user input is used as part of the `exec` function without any sanitization.
- CVE-2019-10776Jan 7, 2020risk 0.00cvss —epss 0.02
In "index.js" file line 240, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all versions prior to 0.22.2.
- CVE-2019-10774Dec 30, 2019risk 0.00cvss —epss 0.05
php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.
- CVE-2019-15598Dec 18, 2019risk 0.00cvss —epss 0.03
A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command.
- CVE-2019-10773Dec 16, 2019risk 0.00cvss —epss 0.02
In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set.
- CVE-2019-8159Nov 6, 2019risk 0.00cvss —epss 0.03
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute aribitrary code through arbitrary file deletion and OS command injection.
- CVE-2019-17625Oct 16, 2019risk 0.00cvss —epss 0.03
There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for…
- CVE-2019-15715Oct 9, 2019risk 0.00cvss —epss 0.30
MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution.
- CVE-2019-10392Sep 12, 2019risk 0.00cvss —epss 0.26
Jenkins Git Client Plugin 2.8.4 and earlier and 3.0.0-rc did not properly restrict values passed as URL argument to an invocation of 'git ls-remote', resulting in OS command injection.
- CVE-2019-5477Aug 16, 2019risk 0.00cvss —epss 0.06
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input…
- CVE-2019-13574Jul 12, 2019risk 0.00cvss —epss 0.08
In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts a '|' character followed by a command.
- CVE-2019-10061Mar 26, 2019risk 0.00cvss —epss 0.04
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.
- CVE-2018-6342Dec 31, 2018risk 0.00cvss —epss 0.03
react-dev-utils on Windows allows developers to run a local webserver for accepting various commands, including a command to launch an editor. The input to that command was not properly sanitized, allowing an attacker who can make a network request to the server (either via CSRF…
- CVE-2018-19907Dec 6, 2018risk 0.00cvss —epss 0.02
A Server-Side Template Injection issue was discovered in Crafter CMS 3.0.18. Attackers with developer privileges may execute OS commands by Creating/Editing a template file (.ftl filetype) that triggers a call to freemarker.template.utility.Execute in the FreeMarker library…
- CVE-2018-1002101Dec 5, 2018risk 0.00cvss —epss 0.04
In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.
- risk 0.00cvss 7.8epss 0.00
The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended…
- risk 0.00cvss 7.8epss 0.00
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
- CVE-2015-8024Dec 2, 2015risk 0.00cvss —epss 0.03
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication…
- CVE-2015-6380Nov 24, 2015risk 0.00cvss —epss 0.01
An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via crafted parameters, aka Bug ID CSCux10622.
- CVE-2015-6370Nov 19, 2015risk 0.00cvss —epss 0.00
The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI input, aka Bug ID CSCux10578.