Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2024-08-21 CVE-2024-7448 OS Command Injection vulnerability in Magnetforensics Axiom 8.0.0.39753
Magnet Forensics AXIOM Command Injection Remote Code Execution Vulnerability.
low complexity
magnetforensics CWE-78
8.0
2024-08-21 CVE-2020-11847 OS Command Injection vulnerability in Microfocus Netiq Privileged Access Manager 3.7
SSH authenticated user when access the PAM server can execute an OS command to gain the full system access using bash.
local
low complexity
microfocus CWE-78
7.8
2024-08-19 CVE-2024-42633 OS Command Injection vulnerability in Linksys E1500 Firmware 1.0.06.001
A Command Injection vulnerability exists in the do_upgrade_post function of the httpd binary in Linksys E1500 v1.0.06.001.
network
low complexity
linksys CWE-78
8.8
2024-08-14 CVE-2024-39401 OS Command Injection vulnerability in Adobe Commerce
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker.
network
low complexity
adobe CWE-78
8.4
2024-08-14 CVE-2024-39402 OS Command Injection vulnerability in Adobe Commerce
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in arbitrary code execution by an admin attacker.
network
low complexity
adobe CWE-78
8.4
2024-08-13 CVE-2022-27486 OS Command Injection vulnerability in Fortinet Fortiddos and Fortiddos-F
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as `root` via `execute` CLI commands.
local
low complexity
fortinet CWE-78
7.8
2024-08-13 CVE-2024-42737 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6369B20230113
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist.
network
low complexity
totolink CWE-78
8.8
2024-08-13 CVE-2024-42738 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6369B20230113
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setDmzCfg.
network
low complexity
totolink CWE-78
8.8
2024-08-13 CVE-2024-42739 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6369B20230113
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setAccessDeviceCfg.
network
low complexity
totolink CWE-78
8.8
2024-08-12 CVE-2024-42741 OS Command Injection vulnerability in Totolink X5000R Firmware 9.1.0U.6369B20230113
In TOTOLINK X5000r v9.1.0cu.2350_b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg.
network
low complexity
totolink CWE-78
8.8