VYPR

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-15 · CAPEC-43 · CAPEC-6 · CAPEC-88

CVEs mapped to this weakness (2,292)

page 26 of 115
  • CVE-2017-9757HigJun 19, 2017
    risk 0.63cvss 8.8epss 0.39

    IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF.

  • CVE-2026-35906CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.00

    An undocumented debug CGI endpoint in T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03 allows unauthenticated attackers to execute arbitrary system commands as root via supplying a crafted HTTP query string.

  • CVE-2026-4631CriApr 7, 2026
    risk 0.62cvss 9.8epss 0.14

    Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects…

  • CVE-2025-50121CriJul 11, 2025
    risk 0.62cvss epss 0.15

    A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is created over the web interface HTTP when enabled. HTTP is disabled by…

  • CVE-2025-6514CriJul 9, 2025
    risk 0.62cvss 9.6epss 0.77

    mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL

  • CVE-2018-0708HigJul 17, 2018
    risk 0.62cvss 8.8epss 0.26

    Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.

  • CVE-2018-7187HigFeb 16, 2018
    risk 0.62cvss 8.8epss 0.63

    The "go get" implementation in Go 1.9.4, when the -insecure command-line option is used, does not validate the import path (get/vcs.go only checks for "://" anywhere in the string), which allows remote attackers to execute arbitrary OS commands via a crafted web site.

  • CVE-2017-15049HigDec 19, 2017
    risk 0.62cvss 8.8epss 0.17

    The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.

  • CVE-2017-16921HigDec 8, 2017
    risk 0.62cvss 8.8epss 0.20

    In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of…

  • CVE-2017-17055CriDec 7, 2017
    risk 0.62cvss 9.0epss 0.09

    Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.

  • CVE-2015-5958HigAug 31, 2017
    risk 0.62cvss 8.8epss 0.27

    phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL.

  • CVE-2015-2280HigJul 25, 2017
    risk 0.62cvss 8.8epss 0.17

    snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter.

  • CVE-2026-46399CriJun 5, 2026
    risk 0.61cvss epss 0.00

    HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this vulnerability to configure malicious Git filter commands and achieve code…

  • CVE-2026-41923CriMay 4, 2026
    risk 0.61cvss epss 0.03

    WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the internet.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the gateway POST parameter.…

  • CVE-2026-41922CriMay 4, 2026
    risk 0.61cvss epss 0.05

    WDR201A WiFi Extender (HW V2.1, FW LFMZX28040922V1.02) contains an OS command injection vulnerability in the wireless.cgi binary that allows unauthenticated remote attackers to execute arbitrary shell commands by injecting malicious input into the sz11gChannel or PIN POST…

  • CVE-2026-21571CriApr 21, 2026
    risk 0.61cvss epss 0.01

    This Critical severity OS Command Injection vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center.   This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 9.4 and a CVSS Vector of …

  • CVE-2025-30044CriMar 2, 2026
    risk 0.61cvss epss 0.01

    In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code…

  • CVE-2025-65008CriDec 18, 2025
    risk 0.61cvss epss 0.02

    In WODESYS WD-R608U router (also known as WDR122B V2.0 and WDR28) due to lack of validation in the langGet parameter in the adm.cgi endpoint, the malicious attacker can execute system shell commands. The vendor was notified early about this vulnerability, but didn't respond…

  • CVE-2025-34319CriDec 3, 2025
    risk 0.61cvss epss 0.04

    TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially crafted requests to trigger…

  • CVE-2023-7304CriOct 15, 2025
    risk 0.61cvss epss 0.04

    Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmc_sync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted request data, causing the application to execute…