VYPR

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-15 · CAPEC-43 · CAPEC-6 · CAPEC-88

CVEs mapped to this weakness (2,292)

page 3 of 115
  • CVE-2014-125118CriJul 25, 2025
    risk 0.69cvss epss 0.03

    A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php, allowing an authenticated attacker with a valid username to inject arbitrary…

  • CVE-2015-10141CriJul 23, 2025
    risk 0.69cvss epss 0.05

    An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without…

  • CVE-2025-34125CriJul 16, 2025
    risk 0.69cvss epss 0.03

    An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie values are processed, allowing remote attackers to execute arbitrary…

  • CVE-2025-34103CriJul 15, 2025
    risk 0.69cvss epss 0.04

    An unauthenticated command injection vulnerability exists in WePresent WiPG-1000 firmware versions prior to 2.2.3.0, due to improper input handling in the undocumented /cgi-bin/rdfs.cgi endpoint. The Client parameter is not sanitized before being passed to a system call,…

  • CVE-2025-34102CriJul 10, 2025
    risk 0.69cvss epss 0.07

    A remote code execution vulnerability exists in CryptoLog (PHP version, discontinued since 2009) due to a chained exploitation of SQL injection and command injection vulnerabilities. An unauthenticated attacker can gain shell access as the web server user by first exploiting a…

  • CVE-2025-34101CriJul 10, 2025
    risk 0.69cvss epss 0.03

    An unauthenticated command injection vulnerability exists in Serviio Media Server versions 1.4 through 1.8 on Windows, in the /rest/action API endpoint exposed by the console component (default port 23423). The checkStreamUrl method accepts a VIDEO parameter that is passed…

  • CVE-2025-34095CriJul 10, 2025
    risk 0.69cvss epss 0.04

    An OS command injection vulnerability exists in Mako Server versions 2.5 and 2.6, specifically within the tutorial interface provided by the examples/save.lsp endpoint. An unauthenticated attacker can send a crafted PUT request containing arbitrary Lua os.execute() code, which…

  • CVE-2025-34082CriJul 3, 2025
    risk 0.69cvss epss 0.05

    A command injection vulnerability exists in IGEL OS versions prior to 11.04.270 within the Secure Terminal and Secure Shadow services. The flaw arises due to improper input sanitization in the handling of specially crafted PROXYCMD commands on TCP ports 30022 and 5900. An…

  • CVE-2024-9441CriOct 2, 2024
    risk 0.69cvss 9.8epss 0.54

    The Linear eMerge e3-Series through version 1.00-07 is vulnerable to an OS command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary OS commands via the login_id parameter when invoking the forgot_password functionality over HTTP.

  • CVE-2018-9276HigKEVJul 2, 2018
    risk 0.69cvss 7.2epss 0.87

    An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed…

  • CVE-2017-14459CriApr 11, 2018
    risk 0.69cvss 10.0epss 0.12

    An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username…

  • CVE-2017-5173CriMay 19, 2017
    risk 0.69cvss 9.8epss 0.30

    An Improper Neutralization of Special Elements (in an OS command) issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An improper neutralization of special elements vulnerability has been identified. If special elements are not properly neutralized, an…

  • CVE-2017-6359CriMar 23, 2017
    risk 0.69cvss 9.8epss 0.27

    QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors.

  • CVE-2016-10043CriJan 31, 2017
    risk 0.69cvss 10.0epss 0.10

    An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands and retrieve the output…

  • CVE-2025-34117CriJul 16, 2025
    risk 0.68cvss epss 0.23

    A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated…

  • CVE-2024-8504HigSep 10, 2024
    risk 0.68cvss 8.8epss 0.75

    An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

  • CVE-2018-12465CriJun 29, 2018
    risk 0.68cvss 9.1epss 0.79

    An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with…

  • CVE-2018-1143CriApr 19, 2018
    risk 0.68cvss 9.8epss 0.55

    A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi.

  • CVE-2018-6911CriFeb 13, 2018
    risk 0.68cvss 9.8epss 0.13

    The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).

  • CVE-2017-14094CriJan 19, 2018
    risk 0.68cvss 9.8epss 0.20

    A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system.