CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Base · Stable · Likelihood: High

Description

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-15 · CAPEC-43 · CAPEC-6 · CAPEC-88

CVEs mapped to this weakness (2,292)

page 18 of 115
  • CVE-2024-29640 · Cri · Mar 29, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the action_query_qrcode component.

  • CVE-2023-6437 · Cri · Mar 28, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TP-Link TP-Link EX20v AX1800, Tp-Link Archer C5v AC1200, Tp-Link TD-W9970, Tp-Link TD-W9970v3, TP-Link VX220-G2u, TP-Link VN020-G2u allows authenticated OS Command…

  • CVE-2024-28048 · Cri · Mar 26, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using…

  • CVE-2024-28125 · Cri · Mar 18, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation.

  • CVE-2018-17787 · Cri · Oct 2, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    On D-Link DIR-823G devices, the GoAhead configuration allows /HNAP1 Command Injection via shell metacharacters in the POST data, because this data is sent directly to the "system" library function.

  • CVE-2018-17317 · Cri · Sep 21, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    FruityWifi (aka PatatasFritas/PatataWifi) 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the io_mode, ap_mode, io_action, io_in_iface, io_in_set, io_in_ip, io_in_mask, io_in_gw, io_out_iface, io_out_set, io_out_mask, io_out_gw, iface, or…

  • CVE-2018-17228 · Cri · Sep 19, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an includeHosts call.

  • CVE-2018-17068 · Cri · Sep 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/Diagnosis route. This could lead to command injection via shell metacharacters in the sendNum parameter.

  • CVE-2018-17066 · Cri · Sep 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.07

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction in the handler function of the /goform/form2systime.cgi route. This could lead to command injection via shell metacharacters in the datetime parameter.

  • CVE-2018-17064 · Cri · Sep 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.07

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter after /goform/clearlog is…

  • CVE-2018-17063 · Cri · Sep 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/NTPSyncWithHost route. This could lead to command injection via shell metacharacters.

  • CVE-2018-15484 · Cri · Sep 7, 2018
    risk 0.64 · cvss 9.8 · epss 0.08

    An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01.

  • CVE-2018-16460 · Cri · Sep 7, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    A command Injection in ps package versions <1.0.0 for Node.js allowed arbitrary commands to be executed when attacker controls the PID.

  • CVE-2018-1000666 · Cri · Sep 6, 2018
    risk 0.64 · cvss 9.8 · epss 0.08

    GIG Technology NV JumpScale Portal 7 version before commit 15443122ed2b1cbfd7bdefc048bf106f075becdb contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in method: notifySpaceModification; that can result in…

  • CVE-2018-15477 · Cri · Aug 30, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device.

  • CVE-2018-3785 · Cri · Aug 17, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter.

  • CVE-2018-0349 · Cri · Jul 18, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    A vulnerability in the Cisco SD-WAN Solution could allow an authenticated, remote attacker to overwrite arbitrary files on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the request admin-tech command in the CLI of…

  • CVE-2018-14060 · Cri · Jul 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.05

    OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.

  • CVE-2018-14010 · Cri · Jul 15, 2018
    risk 0.64 · cvss 9.8 · epss 0.05

    OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data.

  • CVE-2018-5553 · Cri · Jul 10, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    The Crestron Console service running on DGE-100, DM-DGE-200-C, and TS-1542-C devices with default configuration and running firmware versions 1.3384.00049.001 and lower are vulnerable to command injection that can be used to gain root-level access.