Skip to main content

OS Command Injection

web CRITICAL

OS command injection occurs when an application passes unsanitized user input directly into system shell commands.

How It Works

OS command injection occurs when an application passes unsanitized user input directly into system shell commands. Instead of treating input as pure data, the shell interprets special characters as command separators or modifiers, allowing attackers to append arbitrary commands. Common injection points include system(), exec(), popen(), and backtick operators in languages like PHP, Python, and Ruby.

Attackers exploit shell metacharacters to break out of the intended command context. On both Unix and Windows, semicolons (;), pipes (|), and logical operators (&&, ||) chain multiple commands. Unix shells additionally interpret backticks and $() for command substitution, while newlines can also separate statements. For example, if an application executes ping -c 4 $USER_IP, an attacker supplying 8.8.8.8; cat /etc/passwd causes the server to run two commands sequentially.

Attacks manifest in three variants. Visible injection returns command output in the HTTP response, giving immediate feedback. Blind injection produces no direct output, requiring time-based detection (using sleep or timeout commands) or out-of-band confirmation via DNS lookups or HTTP callbacks to attacker-controlled servers. Attackers can also redirect output to web-accessible files for later retrieval.

Impact

  • Complete server compromise — execute any command with the application's privileges, often www-data or root
  • Lateral movement — scan internal networks, pivot to backend systems unreachable from the internet
  • Data exfiltration — dump databases, read configuration files containing credentials, access sensitive business data
  • Persistence mechanisms — install cron jobs, add SSH keys, deploy web shells for continued access
  • Denial of service — crash services, fill disk space, consume CPU resources
  • Supply chain attacks — modify application code or deployment artifacts to compromise downstream users

Real-World Examples

The Ivanti Cloud Service Appliance suffered CVE-2024-8190, where command injection in the administrative interface allowed unauthenticated attackers to execute arbitrary OS commands. CISA added it to the Known Exploited Vulnerabilities catalog after observing active exploitation against enterprise networks.

GitLab experienced multiple command injection vulnerabilities over the years, including issues in repository import functionality where Git URLs containing shell metacharacters were passed unsanitized to system commands, enabling remote code execution on self-hosted instances.

Network equipment frequently contains these flaws. Various Netgear routers have exhibited command injection in ping diagnostic tools, where user-supplied IP addresses were concatenated directly into shell commands without validation, granting attackers complete device control.

Mitigation

  • Eliminate OS commands entirely — use native language libraries (filesystem APIs, network functions) instead of shelling out
  • Strict input allowlisting — permit only exact matches against predefined values; validate format with regex before any processing
  • Parameterized execution APIs — use execve() or language equivalents that pass arguments as arrays, bypassing the shell interpreter completely
  • Principle of least privilege — run application processes with minimal permissions to limit compromise impact
  • Input validation — enforce expected patterns (IP addresses, alphanumeric IDs) but never rely on blacklisting metacharacters

Recent CVEs (7748)

EPSS 1% CVSS 2.7
LOW Monitor

Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Axis Os Axis Os 2022 +1
NVD
EPSS 28% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware +1
NVD VulDB
EPSS 28% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware +1
NVD VulDB
EPSS 28% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware +1
NVD VulDB
EPSS 27% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability, which was classified as critical, has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware +1
NVD VulDB
EPSS 27% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability classified as critical was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware +1
NVD VulDB
EPSS 28% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability classified as critical has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware +1
NVD VulDB
EPSS 28% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware +1
NVD VulDB
EPSS 29% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens500 Ac Firmware +1
NVD VulDB
EPSS 26% CVSS 5.1
MEDIUM POC THREAT This Month

A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Enh1350Ext Firmware Ens620Ext Firmware +1
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in hardy-barth cph2_echarge_firmware allows OS Command Injection.0.4. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Salia Plcc Firmware
NVD
EPSS 2% CVSS 7.8
HIGH POC PATCH This Week

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection Virtualenv
NVD GitHub
EPSS 2% CVSS 10.0
CRITICAL Act Now

An OS Command Injection vulnerability exists within myPRO Manager. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 64% CVSS 10.0
CRITICAL POC THREAT Emergency

A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Infotainment
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Visteon Infotainment REFLASH_DDU_FindFile Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Infotainment
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Infotainment
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Vns3
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Cam V3 Firmware
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Unified Secops Platform
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Unified Secops Platform
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Unified Secops Platform
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Command Injection
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection X6000r Firmware
NVD GitHub
EPSS 1% CVSS 7.3
HIGH This Week

An OS command injection vulnerability has been reported to affect several product versions. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Qurouter
NVD
EPSS 1% CVSS 9.5
CRITICAL Act Now

An OS command injection vulnerability has been reported to affect several product versions. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Qurouter
NVD
EPSS 2% CVSS 8.7
HIGH This Week

An OS command injection vulnerability has been reported to affect Notes Station 3. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Notes Station 3
NVD
EPSS 1% CVSS 8.0
HIGH This Week

OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 19% CVSS 6.3
MEDIUM POC THREAT This Month

TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ex200 Firmware
NVD GitHub
EPSS 10% CVSS 8.0
HIGH POC THREAT This Week

TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Ipc42C Firmware
NVD GitHub
EPSS 12% CVSS 8.0
HIGH POC THREAT This Week

Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Linksys Command Injection E3000 Firmware
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

LLama Factory enables fine-tuning of large language models. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Command Injection Llama Factory
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM This Month

An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL Act Now

An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Gocast
NVD
EPSS 6% CVSS 9.8
CRITICAL Act Now

An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Gocast
NVD
EPSS 8% CVSS 7.2
HIGH POC This Week

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mc Lr Router Firmware
NVD
EPSS 6% CVSS 7.2
HIGH POC This Week

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mc Lr Router Firmware
NVD
EPSS 8% CVSS 7.2
HIGH POC This Week

Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mc Lr Router Firmware
NVD
EPSS 11% CVSS 7.2
HIGH POC THREAT This Week

An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Mc Lr Router Firmware
NVD
EPSS 1% CVSS 8.5
HIGH This Week

A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fabric Operating System
NVD
EPSS 91% CVSS 6.9
MEDIUM POC THREAT This Month

Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism.4. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Pandora Fms
NVD
EPSS 30% CVSS 9.8
CRITICAL POC THREAT Act Now

D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8200 Firmware
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 9% CVSS 8.0
HIGH POC This Week

D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Di 8400 Firmware
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 <= v1.3 enable an authenticated remote attacker to execute arbitrary OS commands via various cgi parameters. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 4% CVSS 8.8
HIGH This Week

A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Trend Micro +1
NVD
EPSS 12% CVSS 7.8
HIGH PATCH This Week

Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Needrestart
NVD GitHub
EPSS 3% CVSS 2.7
LOW Monitor

StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 95% CVSS 6.9
MEDIUM POC KEV THREAT This Month

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Paloalto Command Injection +1
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in supsystic Popup by Supsystic popup-by-supsystic allows Command Injection.10.29. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deserialization
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Command Injection Hertzbeat
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Nus M9 Erp
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

A reachable assertion in the ogs_nas_emm_decode function of Open5GS v2.7.0 allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Denial Of Service Open5gs
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Reachable assertions in the NGAP_FIND_PROTOCOLIE_BY_ID function of OpenAirInterface Magma v1.8.0 and OAI EPC Federation v1.2.0 allow attackers to cause a Denial of Service (DoS) via a crafted NGAP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Denial Of Service
NVD GitHub
EPSS 28% CVSS 9.8
CRITICAL POC THREAT Act Now

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Synology +2
NVD
EPSS 29% CVSS 9.8
CRITICAL POC KEV THREAT Act Now

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gv Vs12 Firmware Gv Vs11 Firmware +2
NVD
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

The GitHub CLI version 2.6.1 and earlier are vulnerable to remote code execution through a malicious codespace SSH server when using `gh codespace ssh` or `gh codespace logs` commands. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Cli
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Command Injection Privategpt
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Paloalto Command Injection +1
NVD
EPSS 7% CVSS 6.5
MEDIUM This Month

Ruijie NBR800G gateway NBR_RGOS_11.1(6)B4P9 is vulnerable to command execution in /itbox_pi/networksafe.php via the province parameter. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection G3 Firmware
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Command Injection G3 Firmware
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection RCE +1
NVD GitHub
EPSS 8% CVSS 8.0
HIGH This Week

An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

D-Link Command Injection RCE
NVD GitHub
EPSS 1% CVSS 7.2
HIGH This Week

Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Command Injection Microsoft +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Command Injection Microsoft +1
NVD
EPSS 1% CVSS 6.7
MEDIUM This Month

Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Command Injection Fortianalyzer +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft +5
NVD
EPSS 1% CVSS 8.6
HIGH PATCH This Week

Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
EPSS 2% CVSS 7.2
HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti +2
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti +2
NVD
EPSS 2% CVSS 7.2
HIGH This Week

Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Ivanti +2
NVD
EPSS 1% CVSS 9.4
CRITICAL Act Now

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Sinec Ins
NVD
EPSS 2% CVSS 8.0
HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Os10
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Command Injection Dell +1
NVD
EPSS 1% CVSS 6.8
MEDIUM This Month

A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Zyxel Command Injection Gs1900 8 Firmware +9
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD
EPSS 1% CVSS 8.0
HIGH POC This Week

D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection RCE +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ews356 Fit Firmware
NVD GitHub
EPSS 2% CVSS 7.2
HIGH This Week

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dsl6740C Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dsl6740C Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dsl6740C Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dsl6740C Firmware
NVD
EPSS 1% CVSS 7.2
HIGH This Week

The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

D-Link Command Injection Dsl6740C Firmware
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection
NVD
Prev Page 34 of 87 Next

Quick Facts

Typical Severity
CRITICAL
Category
web
Total CVEs
7748

Related CWEs

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy