VYPR

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

BaseStableLikelihood: High

Description

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-108 · CAPEC-15 · CAPEC-43 · CAPEC-6 · CAPEC-88

CVEs mapped to this weakness (2,292)

page 7 of 115
  • CVE-2017-14100CriSep 2, 2017
    risk 0.65cvss 9.8epss 0.15

    In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before 14.6.1 and Certified Asterisk 11.x before 11.6-cert17 and 13.x before 13.13-cert5, unauthorized command execution is possible. The app_minivm module has an "externnotify" program configuration option that is…

  • CVE-2017-1253CriJul 5, 2017
    risk 0.65cvss 9.9epss 0.02

    IBM Security Guardium 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 124633.

  • CVE-2017-6398HigMar 14, 2017
    risk 0.65cvss 8.8epss 0.55

    An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default…

  • CVE-2015-7426CriJan 2, 2016
    risk 0.65cvss 10.0epss 0.03

    The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot)…

  • CVE-2026-38065CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.01

    Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the ims_apn parameter.

  • CVE-2026-38064CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.01

    Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_dial_call via the dialNumber parameter.

  • CVE-2026-38063CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.01

    Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via the ia parameter.

  • CVE-2026-38062CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.01

    Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the ratMode parameter.

  • CVE-2026-38061CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.01

    Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volume parameter.

  • CVE-2026-38060CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.01

    Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin parameter.

  • CVE-2026-9862CriJun 15, 2026
    risk 0.64cvss 9.8epss 0.01

    Fortra's  Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the…

  • CVE-2026-44170CriJun 12, 2026
    risk 0.64cvss 9.8epss 0.01

    MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated…

  • CVE-2026-42846CriJun 11, 2026
    risk 0.64cvss 9.8epss 0.01

    ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is…

  • CVE-2026-45558CriJun 10, 2026
    risk 0.64cvss 9.9epss 0.00

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints (POST /api/service/haproxy/<server_id>/section/<section_type> and the PUT / global / defaults variants) accept a JSON option…

  • CVE-2026-45556CriJun 10, 2026
    risk 0.64cvss 9.9epss 0.00

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf//<server_ip>/rule/<rule_id>/save accepts a config_file_name form field that is passed straight through to…

  • CVE-2026-38615CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.01

    DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.

  • CVE-2026-25089CriJun 9, 2026
    risk 0.64cvss 9.8epss 0.23

    A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS…

  • CVE-2026-45777CriJun 5, 2026
    risk 0.64cvss 9.8epss 0.00

    OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This…

  • CVE-2026-45748CriJun 5, 2026
    risk 0.64cvss 9.8epss 0.02

    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /ssh/tunnel/connect` endpoint in Termix prior to version 2.3.2 builds an SSH tunnel command by interpolating user-controlled host record fields (`endpointIP`,…

  • CVE-2026-45744CriJun 5, 2026
    risk 0.64cvss 9.9epss 0.02

    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for…