VYPR

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-15 · CAPEC-43 · CAPEC-6 · CAPEC-88

CVEs mapped to this weakness (2,292)

page 2 of 115
  • CVE-2018-10660CriJun 26, 2018
    risk 0.73cvss 9.8epss 0.82

    An issue was discovered in multiple models of Axis IP Cameras. There is Shell Command Injection.

  • CVE-2017-17105CriDec 19, 2017
    risk 0.73cvss 9.8epss 0.85

    Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="15042…

  • CVE-2014-125124CriJul 31, 2025
    risk 0.72cvss epss 0.02

    An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The anyterm-module endpoint accepts unsanitized user input via the p parameter and directly injects…

  • CVE-2017-6360CriMar 23, 2017
    risk 0.72cvss 9.8epss 0.66

    QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors.

  • CVE-2018-5347CriJan 12, 2018
    risk 0.71cvss 9.8epss 0.54

    Seagate Media Server in Seagate Personal Cloud has unauthenticated command injection in the uploadTelemetry and getLogs functions in views.py because .psp URLs are handled by the fastcgi.server component and shell metacharacters are mishandled.

  • CVE-2017-6361CriMar 23, 2017
    risk 0.71cvss 9.8epss 0.57

    QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.

  • CVE-2012-10040CriAug 11, 2025
    risk 0.70cvss epss 0.02

    Openfiler v2.x contains a command injection vulnerability in the system.html page. The device parameter is used to instantiate a NetworkCard object, whose constructor in network.inc calls exec() with unsanitized input. An authenticated attacker can exploit this to execute…

  • CVE-2010-10013CriAug 8, 2025
    risk 0.70cvss epss 0.01

    An unauthenticated remote command execution vulnerability exists in AjaXplorer (now known as Pydio Cells) versions prior to 2.6. The flaw resides in the checkInstall.php script within the access.ssh plugin, which fails to properly sanitize user-supplied input to the destServer…

  • CVE-2012-10033CriAug 5, 2025
    risk 0.70cvss epss 0.01

    Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This function invokes PHP’s…

  • CVE-2013-10049CriAug 1, 2025
    risk 0.70cvss epss 0.02

    An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize user-supplied input…

  • CVE-2013-10037CriJul 31, 2025
    risk 0.70cvss epss 0.10

    An OS command injection vulnerability exists in WebTester version 5.x via the install2.php installation script. The parameters cpusername, cppassword, and cpdomain are passed directly to shell commands without sanitization. A remote unauthenticated attacker can exploit this flaw…

  • CVE-2018-11510CriJun 28, 2018
    risk 0.70cvss 9.8epss 0.45

    The ASUSTOR ADM 3.1.0.RFQ3 NAS portal suffers from an unauthenticated remote code execution vulnerability in the portal/apis/aggrecate_js.cgi file by embedding OS commands in the 'script' parameter.

  • CVE-2018-1235CriMay 29, 2018
    risk 0.70cvss 9.8epss 0.43

    Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, contain a command injection vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to execute arbitrary commands on the affected system with…

  • CVE-2017-9828CriJun 23, 2017
    risk 0.70cvss 9.8epss 0.82

    '/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK…

  • CVE-2009-20010CriAug 30, 2025
    risk 0.69cvss epss 0.02

    Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by the underlying shell…

  • CVE-2012-10059CriAug 13, 2025
    risk 0.69cvss epss 0.03

    Dolibarr ERP/CRM versions <= 3.1.1 and <= 3.2.0 contain a post-authenticated OS command injection vulnerability in its database backup feature. The export.php script fails to sanitize the sql_compat parameter, allowing authenticated users to inject arbitrary system commands,…

  • CVE-2012-10039CriAug 11, 2025
    risk 0.69cvss epss 0.02

    ZEN Load Balancer versions 2.0 and 3.0-rc1 contain a command injection vulnerability in content2-2.cgi. The filelog parameter is passed directly into a backtick-delimited exec() call without sanitation. An authenticated attacker can inject arbitrary shell commands, resulting in…

  • CVE-2012-10037CriAug 11, 2025
    risk 0.69cvss epss 0.01

    PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's…

  • CVE-2012-10046CriAug 8, 2025
    risk 0.69cvss epss 0.03

    The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject…

  • CVE-2012-10041CriAug 8, 2025
    risk 0.69cvss epss 0.03

    WAN Emulator v2.3 contains two unauthenticated command execution vulnerabilities. The result.php script calls shell_exec() with unsanitized input from the pc POST parameter, allowing remote attackers to execute arbitrary commands as the www-data user. The system also includes a…