VYPR

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Abstraction: Base · Status: Stable · Likelihood of exploit: High

Description

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
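The definition above says what the weakness is but not why "neutralizing special elements" keeps failing in practice. The following is an added example (it is not code from the CWE entry or from any product listed on this page): a "probe this IP" handler of the kind several entries below describe, written first the way it gets exploited and then hardened, plus a generalized form of the allow-list problem one entry below describes, where the check tokenizes the command with one parser while a different interpreter executes it. `echo` stands in for the real tool (ping, date, htpasswd and so on) so the file runs harmlessly on any POSIX host; the function names, the allow-list and the payloads are hypothetical and constructed for the demo.

```python
"""Added CWE-78 demonstration (not code from CWE or from any product on this page).

Three things the entry's description leaves implicit:
  * why "neutralising special elements" is hard once the parameter is pasted
    into a shell command line (run_vulnerable),
  * what removes the weakness instead of chasing characters: validate the
    parameter against its expected type and hand it to the program as one
    argv element with no shell in between (run_hardened),
  * why an allow-list that tokenises the command with one parser while a
    different interpreter executes it can be bypassed (allowlisted_shell vs
    allowlisted_argv).
"echo" stands in for the real tool so the file runs harmlessly on any POSIX
host. Payloads and addresses are constructed for the demo.
"""
import ipaddress
import shlex
import subprocess
from dataclasses import dataclass

# Characters that let /bin/sh alter the structure of a command line; a triage
# set for code review and log grepping, not a complete shell grammar.
SHELL_METACHARACTERS = frozenset(";&|`$()<>\n\"'\\")


def contains_shell_metacharacters(value: str) -> bool:
    """Cheap review check: does a parameter carry anything the shell interprets?"""
    return any(ch in SHELL_METACHARACTERS for ch in value)


def run_vulnerable(ip: str) -> str:
    """The pattern behind the 'ip parameter' CVEs on this page: attacker text is
    concatenated into a shell string, so ';' ends the intended command and
    starts the attacker's."""
    cmd = f"echo probing {ip}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


@dataclass
class Result:
    accepted: bool
    output: str = ""
    reason: str = ""


def run_hardened(ip: str) -> Result:
    """Positive validation plus argv: the value reaches the program as exactly one
    argument, and a canonical IP literal can never begin with '-', so it cannot be
    misread as an option either (argument injection, the 'date -s' shape above)."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return Result(False, reason="parameter is not an IP address")
    out = subprocess.run(["echo", "probing", str(addr)],
                         capture_output=True, text=True, check=True)
    return Result(True, out.stdout.rstrip("\n"))


ALLOWED_PROGRAMS = frozenset({"echo"})   # hypothetical allow-list for the demo


def allowlisted_shell(command: str) -> Result:
    """Broken allow-list: the first token is checked with shlex (a POSIX-style
    tokenizer that does NOT expand $(...) or backticks), then the *string* is
    handed to /bin/sh, which does. Checker and executor disagree on the grammar."""
    argv = shlex.split(command)
    if not argv or argv[0] not in ALLOWED_PROGRAMS:
        return Result(False, reason="program not allow-listed")
    out = subprocess.run(command, shell=True, capture_output=True, text=True)
    return Result(True, out.stdout.rstrip("\n"))


def allowlisted_argv(command: str) -> Result:
    """Fixed: the tokens the check saw are exactly the tokens that run. A
    '$(...)' survives as a literal argument because no shell ever sees it."""
    argv = shlex.split(command)
    if not argv or argv[0] not in ALLOWED_PROGRAMS:
        return Result(False, reason="program not allow-listed")
    out = subprocess.run(argv, capture_output=True, text=True)
    return Result(True, out.stdout.rstrip("\n"))


if __name__ == "__main__":
    payload = "127.0.0.1; echo INJECTED"               # constructed attacker input
    print(repr(run_vulnerable(payload)))               # 'probing 127.0.0.1\nINJECTED\n'
    print(run_hardened(payload))                       # rejected before any exec
    print(allowlisted_shell("echo $(echo INJECTED)"))  # output: INJECTED
    print(allowlisted_argv("echo $(echo INJECTED)"))   # output: $(echo INJECTED)
```

`contains_shell_metacharacters` is deliberately not used as the fix: a deny-list of characters is what "incorrectly neutralizes" in the definition usually means in practice, since the set depends on the shell and on how the value is quoted. The fix is the pair in `run_hardened`: accept only what the parameter is supposed to be, and never let a shell re-parse it. The same applies to the allow-list case: if a command must be executed at all, run the tokens the check validated, not the original string.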

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-15 · CAPEC-43 · CAPEC-6 · CAPEC-88

CVEs mapped to this weakness (2,292)

page 5 of 115
  • CVE-2025-64128 · Critical · Nov 26, 2025
    risk 0.66 · CVSS 10.0 · EPSS 0.02

    An OS command injection vulnerability exists due to incomplete validation of user-supplied input. Validation fails to enforce sufficient formatting rules, which could permit attackers to append arbitrary data. This could allow an unauthenticated attacker to inject arbitrary…

  • CVE-2025-64127 · Critical · Nov 26, 2025
    risk 0.66 · CVSS 10.0 · EPSS 0.02

    An OS command injection vulnerability exists due to insufficient sanitization of user-supplied input. The application accepts parameters that are later incorporated into OS commands without adequate validation. This could allow an unauthenticated attacker to execute …

  • CVE-2025-64126 · Critical · Nov 26, 2025
    risk 0.66 · CVSS 10.0 · EPSS 0.02

    An OS command injection vulnerability exists due to improper input validation. The application accepts a parameter directly from user input without verifying it is a valid IP address or filtering potentially malicious characters. This could allow an unauthenticated attacker…

  • CVE-2025-34152 · Critical · Aug 7, 2025
    risk 0.66 · CVSS not listed · EPSS 0.62

    An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is processed by the internal date '-s' command without rebooting or disrupting HTTP…

  • CVE-2013-10053 · High · Aug 1, 2025
    risk 0.66 · CVSS not listed · EPSS 0.01

    A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system() call that invokes the system’s htpasswd binary. By injecting shell metacharacters into…

  • CVE-2025-34116 · High · Jul 15, 2025
    risk 0.66 · CVSS not listed · EPSS 0.01

    A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command…

  • CVE-2025-34030 · Critical · Jun 20, 2025
    risk 0.66 · CVSS not listed · EPSS 0.59

    An OS command injection vulnerability exists in sar2html version 3.2.2 and prior via the plot parameter in index.php. The application fails to sanitize user-supplied input before using it in a system-level context. Remote, unauthenticated attackers can inject shell commands by…

  • CVE-2021-47667 · Critical · Apr 5, 2025
    risk 0.66 · CVSS 10.0 · EPSS 0.26

    An OS command injection vulnerability in lib/NSSDropoff.php in ZendTo 5.24-3 through 6.x before 6.10-7 allows unauthenticated remote attackers to execute arbitrary commands via shell metacharacters in the tmp_name parameter when dropping off a file via a POST /dropoff request.

  • CVE-2024-27172 · Critical · Jun 14, 2024
    risk 0.66 · CVSS 9.8 · EPSS 0.27

    Remote Command program allows an attacker to get Remote Code Execution. As for the affected products/models/versions, see the reference URL.

  • CVE-2018-16144 · Critical · Sep 5, 2018
    risk 0.66 · CVSS 9.8 · EPSS 0.33

    The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter.

  • CVE-2018-15877 · High · Aug 26, 2018
    risk 0.66 · CVSS 8.8 · EPSS 0.77

    The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request.

  • CVE-2017-5255 · High · Dec 20, 2017
    risk 0.66 · CVSS 8.8 · EPSS 0.75

    In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of input sanitation for certain parameters on the web management console allows any authenticated user (including the otherwise low-privilege readonly user) to inject shell meta-characters as part of a…

  • CVE-2017-17405 · High · Dec 15, 2017
    risk 0.66 · CVSS 8.8 · EPSS 0.74

    Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is…

  • CVE-2026-49261 · Critical · Jun 11, 2026
    risk 0.65 · CVSS 10.0 · EPSS 0.01

    MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1 through 11.4.11, 11.8.1 through 11.8.7, and 12.3.1 with `wsrep_notify_cmd` enabled would execute shell commands embedded in the name of the joiner…

  • CVE-2026-34234 · Critical · May 19, 2026
    risk 0.65 · CVSS 10.0 · EPSS 0.01

    CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer (public/installer/index.php) is vulnerable to unauthenticated Remote Code Execution (RCE) because it performs the install.lock check only after including and…

  • CVE-2026-41553 · Critical · May 15, 2026
    risk 0.65 · CVSS 10.0 · EPSS 0.01

    PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicious JavaScript code to the parameter whose value is processed by Node.js and…

  • CVE-2026-5965 · Critical · Apr 21, 2026
    risk 0.65 · CVSS 9.8 · EPSS 0.02

    NewSoftOA developed by NewSoft has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server.

  • CVE-2026-30302 · Critical · Mar 27, 2026
    risk 0.65 · CVSS 10.0 · EPSS 0.02

    The command auto-approval module in CodeRider-Kilo contains an OS Command Injection vulnerability, rendering its whitelist security mechanism ineffective. The vulnerability stems from the incorrect use of an incompatible command parser (the Unix-based shell-quote library) to…

  • CVE-2021-35402 · Critical · Feb 20, 2026
    risk 0.65 · CVSS 10.0 · EPSS 0.01

    PROLiNK PRC2402M 20190909 before 2021-06-13 allows live_api.cgi?page=satellite_list OS command injection via shell metacharacters in the ip parameter (for satellite_status).

  • CVE-2020-37123 · Critical · Feb 5, 2026
    risk 0.65 · CVSS 9.8 · EPSS 0.03

    Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell…