Vulnerabilities > Improper Neutralization of Special Elements used in a Command ('Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-01 | CVE-2022-39987 | Command Injection vulnerability in Raspap A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php. | 8.8 |
| 2023-08-01 | CVE-2023-34960 | Command Injection vulnerability in Chamilo A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. | 9.8 |
| 2023-07-30 | CVE-2023-37214 | Command Injection vulnerability in Heights-T Ero1Xs-Pro Firmware Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025. | 9.8 |
| 2023-07-27 | CVE-2023-28012 | Command Injection vulnerability in Hcltech Bigfix Mobile 3.0 HCL BigFix Mobile is vulnerable to a command injection attack. | 8.8 |
| 2023-07-26 | CVE-2023-28130 | Command Injection vulnerability in Checkpoint Gaia Portal Local user may lead to privilege escalation using Gaia Portal hostnames page. | 7.2 |
| 2023-07-14 | CVE-2023-37794 | Command Injection vulnerability in Wayos Fbm-291W Firmware 19.09.11V WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the component /upgrade_filter.asp. | 9.8 |
| 2023-07-14 | CVE-2023-38336 | Command Injection vulnerability in Netkit 0.1724 netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778. | 9.8 |
| 2023-07-14 | CVE-2023-38286 | Command Injection vulnerability in multiple products Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. | 7.5 |
| 2023-07-13 | CVE-2023-37566 | Command Injection vulnerability in Elecom Wrc-1167Febk-A Firmware and Wrc-1167Ghbk3-A Firmware Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page. | 8.0 |
| 2023-07-13 | CVE-2023-37567 | Command Injection vulnerability in Elecom Wrc-1167Ghbk3-A Firmware Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. | 9.8 |