Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-11-14 | CVE-2023-45625 | Command Injection vulnerability in multiple products | Multiple authenticated command injection vulnerabilities exist in the command line interface. | network | low complexity | arubanetworks, hp | CWE-77 | 7.2 |
| 2023-11-14 | CVE-2023-42326 | Command Injection vulnerability in Netgate Pfsense and Pfsense Plus | An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. | network | low complexity | netgate | CWE-77 | 8.8 |
| 2023-11-06 | CVE-2023-47253 | Command Injection vulnerability in Qualitor Qalitor | Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter. | network | low complexity | qualitor | CWE-77 | 9.8 (critical) |
| 2023-11-01 | CVE-2023-20219 | Command Injection vulnerability in Cisco Secure Firewall Management Center | Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. | network | low complexity | cisco | CWE-77 | 8.8 |
| 2023-11-01 | CVE-2023-20220 | Command Injection vulnerability in Cisco Secure Firewall Management Center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. | network | low complexity | cisco | CWE-77 | 8.8 |
| 2023-10-31 | CVE-2023-46484 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 | An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function. | network | low complexity | totolink | CWE-77 | 9.8 (critical) |
| 2023-10-31 | CVE-2023-46485 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 | An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component. | network | low complexity | totolink | CWE-77 | 9.8 (critical) |
| 2023-10-31 | CVE-2023-46993 | Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 | In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection. | network | low complexity | totolink | CWE-77 | 9.8 (critical) |
| 2023-10-31 | CVE-2023-46976 | Command Injection vulnerability in Totolink A3300R Firmware 17.0.0Cu.557B20221024 | TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function. | network | low complexity | totolink | CWE-77 | 9.8 (critical) |
| 2023-10-31 | CVE-2023-46979 | Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 | TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function. | network | low complexity | totolink | CWE-77 | 9.8 (critical) |