CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Description
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-108 · CAPEC-15 · CAPEC-43 · CAPEC-6 · CAPEC-88
CVEs mapped to this weakness (2,292)
page 20 of 115| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-7440 | Cri | 0.64 | 9.8 | 0.04 | Feb 23, 2018 | An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836. | ||
| CVE-2017-14535 | Hig | 0.64 | 8.8 | 0.50 | Feb 16, 2018 | trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php. | ||
| CVE-2018-1000043 | Cri | 0.64 | 9.8 | 0.04 | Feb 9, 2018 | Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be… | ||
| CVE-2018-1000042 | Cri | 0.64 | 9.8 | 0.04 | Feb 9, 2018 | Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be… | ||
| CVE-2018-0514 | Cri | 0.64 | 9.8 | 0.02 | Feb 8, 2018 | MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2018-0506 | Cri | 0.64 | 9.8 | 0.02 | Jan 26, 2018 | Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2017-17407 | Cri | 0.64 | 9.8 | 0.04 | Jan 23, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the content… | ||
| CVE-2017-16608 | Cri | 0.64 | 9.8 | 0.04 | Jan 23, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper… | ||
| CVE-2017-18025 | Cri | 0.64 | 9.8 | 0.03 | Jan 9, 2018 | cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning with "admin|" to use the '|' metacharacter. | ||
| CVE-2017-10904 | Cri | 0.64 | 9.8 | 0.02 | Dec 16, 2017 | Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2017-17458 | Cri | 0.64 | 9.8 | 0.06 | Dec 7, 2017 | In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories,… | ||
| CVE-2016-1253 | Cri | 0.64 | 9.8 | 0.05 | Dec 5, 2017 | The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file. | ||
| CVE-2017-10902 | Cri | 0.64 | 9.8 | 0.02 | Dec 1, 2017 | PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||
| CVE-2017-1000214 | Cri | 0.64 | 9.8 | 0.03 | Nov 27, 2017 | GitPHP by xiphux is vulnerable to OS Command Injections | ||
| CVE-2017-16926 | Cri | 0.64 | 9.8 | 0.06 | Nov 22, 2017 | Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount. | ||
| CVE-2017-1000215 | Cri | 0.64 | 9.8 | 0.06 | Nov 17, 2017 | ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution | ||
| CVE-2017-1000235 | Cri | 0.64 | 9.8 | 0.03 | Nov 17, 2017 | I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised. | ||
| CVE-2017-3761 | Cri | 0.64 | 9.8 | 0.04 | Oct 17, 2017 | The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution. | ||
| CVE-2017-15226 | Cri | 0.64 | 9.8 | 0.02 | Oct 10, 2017 | Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call. | ||
| CVE-2017-1000116 | Cri | 0.64 | 9.8 | 0.06 | Oct 5, 2017 | Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. |
- risk 0.64cvss 9.8epss 0.04
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
- risk 0.64cvss 8.8epss 0.50
trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
- risk 0.64cvss 9.8epss 0.04
Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be…
- risk 0.64cvss 9.8epss 0.04
Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a CWE-78: Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) vulnerability in .inc/callback.php that can result in execution of OS Commands. This attack appear to be…
- risk 0.64cvss 9.8epss 0.02
MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
- risk 0.64cvss 9.8epss 0.02
Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager v7.2.699 build 1001. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the content…
- risk 0.64cvss 9.8epss 0.04
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within exec.jsp. The issue results from the lack of proper…
- risk 0.64cvss 9.8epss 0.03
cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning with "admin|" to use the '|' metacharacter.
- risk 0.64cvss 9.8epss 0.02
Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
- risk 0.64cvss 9.8epss 0.06
In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a .git/hooks/post-update script checked into the repository. Typical use of Mercurial prevents construction of such repositories,…
- risk 0.64cvss 9.8epss 0.05
The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie before 5.0.0a-2.3+deb8u1, and in Debian unstable before 5.0.0a-3 allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file.
- risk 0.64cvss 9.8epss 0.02
PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
- risk 0.64cvss 9.8epss 0.03
GitPHP by xiphux is vulnerable to OS Command Injections
- risk 0.64cvss 9.8epss 0.06
Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount.
- risk 0.64cvss 9.8epss 0.06
ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution
- risk 0.64cvss 9.8epss 0.03
I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised.
- risk 0.64cvss 9.8epss 0.04
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external input. In certain cases, this could lead to command injection which, in turn, could lead to remote code execution.
- risk 0.64cvss 9.8epss 0.02
Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ozkerz component because beginIndex and endIndex are used directly in a popen call.
- risk 0.64cvss 9.8epss 0.06
Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.