Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

| Date | CVE | Vulnerability title / description | Attack vector | Complexity | Vendor | CWE | Severity | Score |
|---|---|---|---|---|---|---|---|---|
| 2024-06-24 | CVE-2024-4748 | OS Command Injection vulnerability in J11G Cruddiy. The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. | local | low complexity | j11g | CWE-78 | | 7.8 |
| 2024-06-17 | CVE-2024-6047 | Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. | network | low complexity | | CWE-78 | critical | 9.8 |
| 2024-06-09 | CVE-2024-4577 | OS Command Injection vulnerability in multiple products. In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. | network | low complexity | php, fedoraproject | CWE-78 | critical | 9.8 |
| 2024-06-06 | CVE-2024-36394 | OS Command Injection vulnerability in Sysaid. SysAid - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | network | low complexity | sysaid | CWE-78 | critical | 9.8 |
| 2024-06-04 | CVE-2024-29972 | ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | network | low complexity | | CWE-78 | critical | 9.8 |
| 2024-06-04 | CVE-2024-29973 | ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | network | low complexity | | CWE-78 | critical | 9.8 |
| 2024-05-27 | CVE-2024-5403 | ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator privilege to execute arbitrary system commands on the remote server. | network | low complexity | | CWE-78 | | 7.2 |
| 2024-05-27 | CVE-2024-5400 | Openfind Mail2000 does not properly filter parameters of specific CGI. | network | low complexity | | CWE-78 | | 8.8 |
| 2024-05-27 | CVE-2024-5399 | Openfind Mail2000 does not properly filter parameters of specific API. | network | low complexity | | CWE-78 | | 7.2 |
| 2024-05-16 | CVE-2024-30314 | Dreamweaver Desktop versions 21.3 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. | local | low complexity | | CWE-78 | | 8.2 |