Skip to main content

OS Command Injection

web CRITICAL

OS command injection occurs when an application passes unsanitized user input directly into system shell commands.

How It Works

OS command injection occurs when an application passes unsanitized user input directly into system shell commands. Instead of treating input as pure data, the shell interprets special characters as command separators or modifiers, allowing attackers to append arbitrary commands. Common injection points include system(), exec(), popen(), and backtick operators in languages like PHP, Python, and Ruby.

Attackers exploit shell metacharacters to break out of the intended command context. On both Unix and Windows, semicolons (;), pipes (|), and logical operators (&&, ||) chain multiple commands. Unix shells additionally interpret backticks and $() for command substitution, while newlines can also separate statements. For example, if an application executes ping -c 4 $USER_IP, an attacker supplying 8.8.8.8; cat /etc/passwd causes the server to run two commands sequentially.

Attacks manifest in three variants. Visible injection returns command output in the HTTP response, giving immediate feedback. Blind injection produces no direct output, requiring time-based detection (using sleep or timeout commands) or out-of-band confirmation via DNS lookups or HTTP callbacks to attacker-controlled servers. Attackers can also redirect output to web-accessible files for later retrieval.

Impact

  • Complete server compromise — execute any command with the application's privileges, often www-data or root
  • Lateral movement — scan internal networks, pivot to backend systems unreachable from the internet
  • Data exfiltration — dump databases, read configuration files containing credentials, access sensitive business data
  • Persistence mechanisms — install cron jobs, add SSH keys, deploy web shells for continued access
  • Denial of service — crash services, fill disk space, consume CPU resources
  • Supply chain attacks — modify application code or deployment artifacts to compromise downstream users

Real-World Examples

The Ivanti Cloud Service Appliance suffered CVE-2024-8190, where command injection in the administrative interface allowed unauthenticated attackers to execute arbitrary OS commands. CISA added it to the Known Exploited Vulnerabilities catalog after observing active exploitation against enterprise networks.

GitLab experienced multiple command injection vulnerabilities over the years, including issues in repository import functionality where Git URLs containing shell metacharacters were passed unsanitized to system commands, enabling remote code execution on self-hosted instances.

Network equipment frequently contains these flaws. Various Netgear routers have exhibited command injection in ping diagnostic tools, where user-supplied IP addresses were concatenated directly into shell commands without validation, granting attackers complete device control.

Mitigation

  • Eliminate OS commands entirely — use native language libraries (filesystem APIs, network functions) instead of shelling out
  • Strict input allowlisting — permit only exact matches against predefined values; validate format with regex before any processing
  • Parameterized execution APIs — use execve() or language equivalents that pass arguments as arrays, bypassing the shell interpreter completely
  • Principle of least privilege — run application processes with minimal permissions to limit compromise impact
  • Input validation — enforce expected patterns (IP addresses, alphanumeric IDs) but never rely on blacklisting metacharacters

Recent CVEs (7747)

EPSS 1% CVSS 5.1
MEDIUM This Month

A vulnerability, which was classified as critical, has been found in D-Link DIR-823X 240126/240802. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 823x Firmware
NVD GitHub VulDB
EPSS 1% CVSS 7.2
HIGH This Week

HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Hcl Devops Deploy Hcl Launch
NVD
EPSS 3% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP Hibos
NVD GitHub VulDB
EPSS 1% CVSS 8.6
HIGH This Week

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability in the runtime.emailReg function. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM This Month

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["pkgsize"] parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM This Month

In Linksys E5600 V1.1.0.26, the \usr\share\lua\runtime.lua file contains a command injection vulnerability in the runtime.pingTest function via the pt["count"] parameter. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM This Month

Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the pt parameter in the traceRoute function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Linksys E5600 Firmware
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Autogpt Classic
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM POC This Month

A vulnerability in the `start_app_server` function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS command injection. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Path Traversal +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.1_1101. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.0_1101. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Dell +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
EPSS 1% CVSS 8.6
HIGH This Week

Improper Neutralization of Special Elements used in a Command vulnerability allows OS Command Injection via RCE.6 . Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Pandora Fms
NVD
EPSS 74% 5.4 CVSS 8.6
HIGH POC THREAT Act Now

Pandora FMS monitoring platform versions 700 through 777.6 contain a command injection vulnerability that allows OS command execution. The improper neutralization of special elements in monitoring agent communication enables attackers to execute arbitrary commands on the Pandora FMS server with the application's privileges.

Command Injection Pandora Fms
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability has been found in Oiwtech OIW-2431APGN-HP 2.5.3-B20131128 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection HP
NVD VulDB
EPSS 0% CVSS 7.7
HIGH This Week

Koha before 24.11.02 allows admins to execute arbitrary commands via shell metacharacters in the tools/scheduler.pl report parameter. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection
NVD GitHub
EPSS 4% CVSS 5.3
MEDIUM This Month

A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fortinet Fortinac
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A improper neutralization of special elements used in a command ('command injection') in Fortinet FortiManager versions 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation Fortinet +2
NVD
EPSS 0% CVSS 3.7
LOW POC Monitor

An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. Rated low severity (CVSS 3.7). Public exploit code available and no vendor patch available.

Command Injection Gitlab Google
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Command Injection Cisco +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURM_NODELIST environment. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL Act Now

A command injection vulnerability exists in the /check_image_and_trigger_recovery API endpoint of Bitdefender Box 1 (firmware version 1.3.11.490). Rated critical severity (CVSS 9.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Box Firmware
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Improper neutralization of special elements used in a command ('command injection') in Azure Arc allows an authorized attacker to elevate privileges locally. [CVSS 7.0 HIGH]

Command Injection Microsoft
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Improper neutralization of special elements used in a command ('command injection') in Azure Command Line Integration (CLI) allows an unauthorized attacker to elevate privileges locally. [CVSS 8.4 HIGH]

Command Injection Microsoft Suse
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Multiple improper neutralization of special elements used in an OS Command vulnerabilities [CWE-78] in FortiSandbox before 4.4.5 allows a privileged attacker to execute unauthorized commands via crafted requests. [CVSS 7.2 HIGH]

Command Injection
NVD
EPSS 0%
This Week

The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.

Command Injection
NVD
EPSS 0%
This Week

The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.

Command Injection
NVD
EPSS 0%
This Week

The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.

Command Injection
NVD
EPSS 0% CVSS 2.7
LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly neutralize special characters when interpreting user controlled log paths. [CVSS 2.7 LOW]

Command Injection Siemens
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new SNMP users. [CVSS 7.2 HIGH]

Command Injection RCE Siemens
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new users. [CVSS 7.2 HIGH]

Command Injection RCE Siemens
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly sanitize user input when creating new VXLAN configurations. [CVSS 7.2 HIGH]

Command Injection RCE Siemens
NVD
EPSS 0% CVSS 7.2
HIGH This Week

A post-authentication command injection vulnerability in the ”zyUtilMailSend” function of the Zyxel AX7501-B1 firmware version V5.17(ABPC.5.3)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. [CVSS 7.2 HIGH]

Command Injection Zyxel
NVD
EPSS 0% CVSS 7.2
HIGH This Week

A post-authentication command injection vulnerability in the "ZyEE" function of the Zyxel EX5601-T1 firmware version V5.70(ACDZ.3.6)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. [CVSS 7.2 HIGH]

Command Injection Zyxel
NVD
EPSS 0% CVSS 7.2
HIGH This Week

A post-authentication command injection vulnerability in the "DNSServer” parameter of the diagnostic function in the Zyxel VMG8825-T50K firmware version V5.50(ABOM.8.5)C0 and earlier could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. [CVSS 7.2 HIGH]

Command Injection Zyxel
NVD
EPSS 4% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
EPSS 4% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
EPSS 7% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex1800T Firmware TOTOLINK
NVD GitHub VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

A command injection vulnerability has been reported to affect QHora. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qurouter
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A command injection vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qts +1
NVD
EPSS 0% CVSS 7.7
HIGH This Week

A command injection vulnerability has been reported to affect QHora. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Qurouter
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell +1
NVD
EPSS 1% CVSS 7.7
HIGH This Week

Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Command Injection Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Command Injection Privilege Escalation +1
NVD
EPSS 11% CVSS 9.8
CRITICAL POC THREAT Emergency

Tenda AC15 v15.03.05.19 is vulnerable to Command Injection via the handler function in /goform/telnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%.

Command Injection Tenda Ac15 Firmware
NVD GitHub
EPSS 85% CVSS 9.3
CRITICAL KEV THREAT Emergency

Edimax IC-7100 IP camera allows unauthenticated remote code execution through improper neutralization of requests, with no patch available as the device is end-of-life.

Command Injection RCE Ic 7100 Firmware
NVD
EPSS 4% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in hzmanyun Education and Training System 2.1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Education And Training System
NVD GitHub VulDB
EPSS 5% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in hzmanyun Education and Training System 2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Education And Training System
NVD VulDB GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Broadlinkmanager D-Link
NVD GitHub
EPSS 0% CVSS 3.5
LOW Monitor

Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a sufficient input validation allowing for a possible command injection leading. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection File Upload Axis Os +1
NVD
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Vim is an open source, command line text editor. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Vim Hci Compute Node +2
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability has been found in ESAFENET DSM 3.1.2 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dsm
NVD GitHub VulDB
EPSS 3% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware TOTOLINK
NVD GitHub VulDB
EPSS 2% CVSS 5.3
MEDIUM This Month

A vulnerability, which was classified as critical, was found in Tenda AC7 1200M 15.03.06.44. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tenda Ac7 Firmware
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection PHP +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

An Improper Neutralization of Escape Sequences vulnerability could allow an Authentication Bypass with a Remote Code Execution (RCE) by a malicious actor with access to UniFi Protect Cameras adjacent. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass Command Injection RCE +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

An issue was discovered on Tuoshi/Dionlink LT15D 4G Wi-Fi devices through M7628NNxlSPv2xUI_v1.0.1802.10.08_P4 and LT21B devices through M7628xUSAxUIv2_v1.0.1481.15.02_P0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Code Injection
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability in the software upgrade process of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, local attacker with. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root&nbsp;on the underlying operating system of an affected device. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Cisco Application Policy Infrastructure Controller
NVD
EPSS 0% CVSS 5.1
MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 5.1
MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM POC This Month

SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM POC This Month

An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE File Upload +1
NVD GitHub
EPSS 0% CVSS 2.7
LOW PATCH Monitor

matrix-appservice-irc is a Node.js IRC bridge for Matrix. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Node.js Matrix Irc Bridge
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Education And Training System
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE Sparkshop
NVD GitHub
EPSS 6% CVSS 10.0
CRITICAL POC PATCH Act Now

WeGIA is a Web manager for charitable institutions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue in Via Browser 6.1.0 allows a a remote attacker to execute arbitrary code via the mark.via.Shell component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
EPSS 5% CVSS 10.0
CRITICAL Act Now

In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

An improper input validation vulnerability was discovered in the NTP server configuration field of the Network-M2 card. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in cmstactics WP Video Posts allows OS Command Injection.5.1. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection CSRF
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability, which was classified as critical, has been found in FiberHome AN5506-01A ONU GPON RP2511. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection An5506 01A Firmware
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ac1900 Firmware
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in LB-LINK AC1900 Router 1.0.2 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ac1900 Firmware
NVD VulDB
EPSS 1% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in LB-LINK AC1900 Router 1.0.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ac1900 Firmware
NVD VulDB
EPSS 1% CVSS 7.7
HIGH This Week

binance-trading-bot is an automated Binance trading bot with trailing buy/sell strategy. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

MRCMS v3.1.2 was discovered to contain a server-side template injection (SSTI) vulnerability in the component \servlet\DispatcherServlet.java. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection RCE Mrcms
NVD
EPSS 6% CVSS 6.5
MEDIUM POC This Month

Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the apcli_wps_gen_pincode function in mtkwifi.lua. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware TOTOLINK
NVD GitHub
EPSS 6% CVSS 6.5
MEDIUM POC This Month

Totolink X5000R V9.1.0u.6369_B20230113 is vulnerable to command injection via the vif_disable function in mtkwifi.lua. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware TOTOLINK
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /file/savefile.do of MRCMS v3.1.2 allows attackers to execute arbitrary code via uploading a crafted .jsp file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection RCE File Upload +1
NVD
EPSS 2% CVSS 6.9
MEDIUM This Month

A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
Prev Page 30 of 87 Next

Quick Facts

Typical Severity
CRITICAL
Category
web
Total CVEs
7747

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy