Skip to main content

OS Command Injection

web CRITICAL

OS command injection occurs when an application passes unsanitized user input directly into system shell commands.

How It Works

OS command injection occurs when an application passes unsanitized user input directly into system shell commands. Instead of treating input as pure data, the shell interprets special characters as command separators or modifiers, allowing attackers to append arbitrary commands. Common injection points include system(), exec(), popen(), and backtick operators in languages like PHP, Python, and Ruby.

Attackers exploit shell metacharacters to break out of the intended command context. On both Unix and Windows, semicolons (;), pipes (|), and logical operators (&&, ||) chain multiple commands. Unix shells additionally interpret backticks and $() for command substitution, while newlines can also separate statements. For example, if an application executes ping -c 4 $USER_IP, an attacker supplying 8.8.8.8; cat /etc/passwd causes the server to run two commands sequentially.

Attacks manifest in three variants. Visible injection returns command output in the HTTP response, giving immediate feedback. Blind injection produces no direct output, requiring time-based detection (using sleep or timeout commands) or out-of-band confirmation via DNS lookups or HTTP callbacks to attacker-controlled servers. Attackers can also redirect output to web-accessible files for later retrieval.

Impact

  • Complete server compromise — execute any command with the application's privileges, often www-data or root
  • Lateral movement — scan internal networks, pivot to backend systems unreachable from the internet
  • Data exfiltration — dump databases, read configuration files containing credentials, access sensitive business data
  • Persistence mechanisms — install cron jobs, add SSH keys, deploy web shells for continued access
  • Denial of service — crash services, fill disk space, consume CPU resources
  • Supply chain attacks — modify application code or deployment artifacts to compromise downstream users

Real-World Examples

The Ivanti Cloud Service Appliance suffered CVE-2024-8190, where command injection in the administrative interface allowed unauthenticated attackers to execute arbitrary OS commands. CISA added it to the Known Exploited Vulnerabilities catalog after observing active exploitation against enterprise networks.

GitLab experienced multiple command injection vulnerabilities over the years, including issues in repository import functionality where Git URLs containing shell metacharacters were passed unsanitized to system commands, enabling remote code execution on self-hosted instances.

Network equipment frequently contains these flaws. Various Netgear routers have exhibited command injection in ping diagnostic tools, where user-supplied IP addresses were concatenated directly into shell commands without validation, granting attackers complete device control.

Mitigation

  • Eliminate OS commands entirely — use native language libraries (filesystem APIs, network functions) instead of shelling out
  • Strict input allowlisting — permit only exact matches against predefined values; validate format with regex before any processing
  • Parameterized execution APIs — use execve() or language equivalents that pass arguments as arrays, bypassing the shell interpreter completely
  • Principle of least privilege — run application processes with minimal permissions to limit compromise impact
  • Input validation — enforce expected patterns (IP addresses, alphanumeric IDs) but never rely on blacklisting metacharacters

Recent CVEs (7748)

EPSS 2% CVSS 6.9
MEDIUM This Month

A vulnerability has been found in BDCOM Behavior Management and Auditing System up to 20250210 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub VulDB
EPSS 2% CVSS 6.9
MEDIUM This Month

A vulnerability was found in Raisecom Multi-Service Intelligent Gateway up to 20250208. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

Tenda AC10 V1.0 V15.03.06.23 has a command injection vulnerablility located in the formexeCommand function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Tenda Ac10 Firmware
NVD GitHub
EPSS 1% CVSS 9.4
CRITICAL Act Now

An OS command injection vulnerability exists in Vinci Protocol Analyzer that could allow an attacker to escalate privileges and perform code execution on affected system. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 2% CVSS 6.9
MEDIUM This Month

A vulnerability was found in Synway SMG Gateway Management Software up to 20250204. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP
NVD GitHub VulDB
EPSS 0% CVSS 8.0
HIGH This Week

An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the public_type parameter. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dsl 3782 Firmware
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the samba_wg and samba_nbn parameters. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dsl 3782 Firmware
NVD GitHub
EPSS 0% CVSS 8.0
HIGH This Week

An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol parameters. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection Dsl 3782 Firmware
NVD GitHub
EPSS 2% CVSS 10.0
CRITICAL POC Act Now

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection PHP RCE +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in acmailer CGI ver.4.0.3 and earlier and acmailer DB ver.1.1.5 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 4.8
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in MicroWorld eScan Antivirus 7.0.32 on Linux. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Escan Anti Virus
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A vulnerability classified as critical was found in MicroWord eScan Antivirus 7.0.32 on Linux. Rated low severity (CVSS 2.0). Public exploit code available and no vendor patch available.

Command Injection Escan Anti Virus
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024_B20220329. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection X18 Firmware TOTOLINK
NVD GitHub VulDB
EPSS 17% CVSS 6.9
MEDIUM POC THREAT This Month

A vulnerability was found in NUUO Camera up to 20250203. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.0% and no vendor patch available.

Command Injection PHP
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

Implementation of the Simple Network Management Protocol (SNMP) operating on the Brocade 6547 (FC5022) embedded switch blade, makes internal script calls to system.sh from within the SNMP binary. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The vulnerability may allow a remote low priviledged attacker to run arbitrary shell commands by using lower-level functions to interact with the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in MarketingFire Widget Options allows OS Command Injection.1.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 7.2
HIGH This Week

IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 / IBM UrbanCode Deploy 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14, and 7.3 through 7.3.2.9 could allow a remote. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Devops Deploy +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A critical remote code execution (RCE) vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Privilege Escalation +1
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Mercedes-Benz head-unit NTG6 has Ethernet pins on Base Board to connect module CSB. Rated medium severity (CVSS 4.9), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Authentication Bypass Headunit Ntg6 Mercedes Benz User Experience
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Mypro
NVD
EPSS 0% CVSS 8.7
HIGH This Week

An attacker may inject commands via specially-crafted post requests. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Mojave Inverter Oghi8048A Firmware
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability classified as critical was found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
EPSS 0% CVSS 8.6
HIGH This Week

A command injection vulnerability in the Palo Alto Networks PAN-OS OpenConfig plugin enables an authenticated administrator with the ability to make gNMI requests to the PAN-OS management web. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Paloalto
NVD
EPSS 2% CVSS 7.2
HIGH POC This Week

D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command injection vulnerability in the SetVirtualServerSettings module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 853 Firmware
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable. No vendor patch available.

Prototype Pollution Command Injection Denial Of Service +1
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

In Progress® Telerik® KendoReact versions v3.5.0 through v9.4.0, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable. No vendor patch available.

Prototype Pollution Command Injection Denial Of Service +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A command injection flaw was found in the text editor Emacs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Progress® Telerik® UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD VulDB
EPSS 0% CVSS 7.9
HIGH This Week

An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java. Rated high severity (CVSS 7.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection RCE
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM This Month

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.0.0 through 7.6.0 allows attacker to execute unauthorized code or commands via. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Fortinet Fortiweb
NVD
EPSS 0% CVSS 7.2
HIGH This Week

An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb 7.4.0 through 7.6.0 allows attacker to execute unauthorized code or commands via. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortinet Fortiweb
NVD
EPSS 0% CVSS 7.2
HIGH This Week

An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiAnalyzer version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortinet Fortimanager Cloud +4
NVD
EPSS 44% CVSS 9.1
CRITICAL Emergency

OS command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 44.0% and no vendor patch available.

Command Injection RCE Ivanti +1
NVD
EPSS 1% CVSS 8.3
HIGH This Month

OS Command Injection vulnerability in Revolution Pi version 2022-07-28-revpi-buster from KUNBUS GmbH. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection PHP
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Month

SFTPGo is an open source, event-driven file transfer solution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection Suse
NVD GitHub
EPSS 21% CVSS 8.0
HIGH Act Now

An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting 'devpwd'. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Epss exploitation probability 20.6% and no vendor patch available.

Command Injection RCE Tl Wpa8630 Firmware
NVD GitHub
EPSS 2% CVSS 7.3
HIGH This Week

The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager V11 R0.22.0 through V11 R0.22.1, V10 R1.54.0 through V10 R1.54.1, and V10 R1.42.6 and earlier could allow an unauthenticated. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 9.4
CRITICAL Act Now

Honeywell OneWireless Wireless Device Manager (WDM) for the following versions R310.x, R320.x, R321.x, R322.1, R322.2, R323.x, R330.1 contains a command injection vulnerability. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Honeywell
NVD
EPSS 1% CVSS 9.1
CRITICAL Act Now

IBM Security Verify Directory 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Security Verify Directory
NVD
EPSS 0% CVSS 8.5
HIGH This Week

When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Big Ip Access Policy Manager Big Ip Advanced Firewall Manager +9
NVD
EPSS 66% CVSS 8.7
HIGH Act Now

F5 BIG-IP contains an authenticated command injection in the iControl REST API and TMOS Shell (tmsh) save command. Authenticated attackers can inject system commands through crafted save operations, executing arbitrary code on the BIG-IP appliance which typically handles load balancing and SSL termination for critical application infrastructure.

Command Injection Big Ip Access Policy Manager Big Ip Advanced Firewall Manager +19
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Multi Tenant Loadmaster Loadmaster
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Multi Tenant Loadmaster Loadmaster
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Multi Tenant Loadmaster Loadmaster
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Multi Tenant Loadmaster Loadmaster
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Multi Tenant Loadmaster Loadmaster
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Web Appliance could allow an authenticated, remote attacker to perform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cisco Asyncos
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aruba Clearpass Policy Manager
NVD
EPSS 13% CVSS 9.5
CRITICAL Act Now

DumpDrop is a stupid simple file upload application that provides an interface for dragging and dropping files. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.1% and no vendor patch available.

Command Injection RCE File Upload
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a command injection vulnerability in the Telnet interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection
NVD
EPSS 55% CVSS 8.8
HIGH KEV THREAT Act Now

Zyxel VMG4325-B10A legacy DSL CPE contains post-authentication command injection via Telnet management commands, companion vulnerability to CVE-2024-40890 affecting the same unsupported device.

Command Injection Zyxel Vmg1312 B10A Firmware +13
NVD
EPSS 46% CVSS 8.8
HIGH KEV THREAT Act Now

Zyxel VMG4325-B10A legacy DSL CPE contains post-authentication OS command injection in the CGI program, allowing authenticated attackers to execute OS commands via crafted HTTP POST requests. No patch available (EOL device).

Command Injection Zyxel Vmg1312 B10A Firmware +13
NVD
EPSS 75% 7.0 CVSS 8.8
HIGH POC KEV THREAT Act Now

Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Command Injection Authentication Bypass Ds 2105 Pro Firmware
NVD
EPSS 10% CVSS 4.8
MEDIUM Monitor

An issue was discovered on NRadio N8-180 NROS-1.9.2.n3.c5 devices. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 10.4% and no vendor patch available.

Command Injection
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC Act Now

Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Co2Scope +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

OpenPanel v0.3.4 was discovered to contain an OS command injection vulnerability via the timezone parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Openpanel
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH This Month

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Home Flex Nema 14 50 Plug Firmware +2
NVD
EPSS 1% CVSS 9.3
CRITICAL This Week

Affected products contain a vulnerability in the device cloud rpc command handling process that could allow remote attackers to take control over arbitrary devices connected to the cloud. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 21% CVSS 6.5
MEDIUM This Month

A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.6% and no vendor patch available.

RCE Command Injection
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL This Week

mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 9.3
CRITICAL This Week

mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 9.2
CRITICAL POC Act Now

A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Escan Anti Virus
NVD GitHub VulDB
EPSS 2% CVSS 9.3
CRITICAL This Week

A Remote Code Execution Vulnerability exists in the product and version listed above. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A privacy issue was addressed with improved handling of files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Apple Red Hat +1
NVD
EPSS 4% CVSS 10.0
CRITICAL POC Act Now

Network access can be used to execute arbitrary code with elevated privileges. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection
NVD Exploit-DB
EPSS 72% CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

Cacti versions prior to 1.2.29 contain an authenticated command injection through the SNMP result parser. By injecting malformed OIDs into SNMP responses, authenticated users can execute arbitrary system commands when the results are processed by the ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes() functions.

Command Injection Cacti Suse
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC 1.06 suffers from Command Injection issues in /bin/goahead. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Br 6476Ac Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL This Week

DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGl interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via the parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL This Week

TRENDnet TEW-632BRP v1.010B31 devices have an OS command injection vulnerability in the CGl interface "ntp_sync.cgi",which allows remote attackers to execute arbitrary commands via parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Tew 632Brp Firmware
NVD GitHub
EPSS 0% CVSS 8.5
HIGH POC This Week

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Coolify
NVD GitHub
EPSS 0% CVSS 8.5
HIGH POC PATCH This Week

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available.

RCE Command Injection Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 5.8
MEDIUM POC This Month

ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection. Rated medium severity (CVSS 5.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Goat G1 2000 Firmware Goat G1 Firmware +10
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Command Injection
NVD
EPSS 0% CVSS 7.2
HIGH This Month

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 8.8
HIGH This Month

A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ambari
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via the field id_email_check_btn. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E8450 Firmware
NVD GitHub
EPSS 6% CVSS 8.2
HIGH POC This Week

Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via userEmail. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E8450 Firmware
NVD GitHub
EPSS 1% CVSS 8.0
HIGH POC This Week

Linksys E8450 v1.2.00.360516 was discovered to contain a command injection vulnerability via wizard_status. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E8450 Firmware
NVD GitHub
EPSS 2% CVSS 9.1
CRITICAL POC Act Now

The script input feature of SpagoBI 3.5.1 allows arbitrary code execution. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Spagobi
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC This Week

TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A810R Firmware
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL This Week

IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Sterling Secure Proxy
NVD
EPSS 0% CVSS 2.0
LOW Monitor

Multiple bash files were present in the application's private directory. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 8.6
HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ac8 Firmware +2
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM allows Local Code. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 8.7
HIGH This Month

A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Java
NVD
EPSS 2% CVSS 9.8
CRITICAL This Week

Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Tenda Ac18 Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Re11S Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Code Injection +1
NVD GitHub
Prev Page 31 of 87 Next

Quick Facts

Typical Severity
CRITICAL
Category
web
Total CVEs
7748

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy