VYPR

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Base · Stable · Likelihood: High

Description

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-15 · CAPEC-43 · CAPEC-6 · CAPEC-88

CVEs mapped to this weakness (2,292)

page 4 of 115
  • CVE-2014-8389 · Critical · Dec 28, 2017
    risk 0.68 · cvss 9.8 · epss 0.50

    cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware…

  • CVE-2017-16934 · Critical · Nov 24, 2017
    risk 0.68 · cvss 9.8 · epss 0.13

    The web server on DBL DBLTek devices allows remote attackers to execute arbitrary OS commands by obtaining the admin password via a frame.html?content=/dev/mtdblock/5 request, and then using this password for the HTTP Basic Authentication needed for a change_password.csp…

  • CVE-2015-2279 · Critical · Jul 25, 2017
    risk 0.68 · cvss 9.8 · epss 0.18

    cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac, write_pid, write_msn, write_tan, or…

  • CVE-2017-7175 · Critical · Jul 10, 2017
    risk 0.68 · cvss 9.9 · epss 0.07

    NfSen before 1.3.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the customfmt parameter (aka the "Custom output format" field).

  • CVE-2017-3506 · High · KEV · Apr 24, 2017
    risk 0.68 · cvss 7.4 · epss 0.96

    Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with…

  • CVE-2017-8051 · Critical · Apr 21, 2017
    risk 0.68 · cvss 9.8 · epss 0.16

    Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.

  • CVE-2017-6182 · Critical · Mar 30, 2017
    risk 0.68 · cvss 9.8 · epss 0.17

    In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via functions, aka NSWA-1304.

  • CVE-2026-42271 · High · KEV · May 8, 2026
    risk 0.67 · cvss 8.8 · epss 0.75

    LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a…

  • CVE-2026-28517 · Critical · Feb 27, 2026
    risk 0.67 · cvss 9.8 · epss 0.06

    openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in report_network_map.php. The application retrieves the 'dot' configuration parameter from the database and passes it directly to exec() without validation or sanitization. If an…

  • CVE-2010-20059 · Critical · Aug 20, 2025
    risk 0.67 · cvss (not listed) · epss 0.01

    FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command-execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation.

  • CVE-2013-10050 · High · Aug 1, 2025
    risk 0.67 · cvss 8.8 · epss 0.10

    An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing…

  • CVE-2022-4978 · Critical · Jul 23, 2025
    risk 0.67 · cvss (not listed) · epss 0.02

    Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol that accepts remote keyboard input events without…

  • CVE-2025-34099 · Critical · Jul 10, 2025
    risk 0.67 · cvss (not listed) · epss 0.01

    An unauthenticated command injection vulnerability exists in VICIdial versions 2.9 RC1 through 2.13 RC1, within the vicidial_sales_viewer.php component when password encryption is enabled (a non-default configuration). The application improperly passes the HTTP Basic…

  • CVE-2018-11143 · Critical · Jun 2, 2018
    risk 0.67 · cvss 9.8 · epss 0.38

    Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 1 of 46).

  • CVE-2018-1000006 · High · Jan 24, 2018
    risk 0.67 · cvss 8.8 · epss 0.85

    GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier have a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked in arbitrary command execution…

  • CVE-2017-16666 · High · Jan 5, 2018
    risk 0.67 · cvss 8.8 · epss 0.80

    Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature.

  • CVE-2017-8220 · Critical · Apr 25, 2017
    risk 0.67 · cvss 9.9 · epss 0.36

    TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a "host=" line within HTTP POST data.

  • CVE-1999-0043 · Critical · Dec 4, 1996
    risk 0.67 · cvss 9.8 · epss 0.45

    Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

  • CVE-2024-51092 · Critical · May 8, 2026
    risk 0.66 · cvss 9.1 · epss 0.07

    LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's initRrdDirectory().

  • CVE-2026-39808 · Critical · Apr 14, 2026
    risk 0.66 · cvss 9.8 · epss 0.49

    An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow an attacker to execute unauthorized code or commands via