Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-30 | CVE-2023-48806 | OS Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | 9.8 |
| 2023-11-30 | CVE-2023-48807 | OS Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | 9.8 |
| 2023-11-30 | CVE-2023-48808 | OS Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | 9.8 |
| 2023-11-30 | CVE-2023-48810 | OS Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a command execution vulnerability. | 9.8 |
| 2023-11-30 | CVE-2023-48811 | OS Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability. | 9.8 |
| 2023-11-30 | CVE-2023-48812 | OS Command Injection vulnerability in Totolink X6000R Firmware 9.4.0Cu.852B20230719 In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function that when passed to the CsteSystem function creates a command execution vulnerability. | 9.8 |
| 2023-11-30 | CVE-2023-3741 | OS Command Injection vulnerability in NEC products An OS Command injection vulnerability in NEC Platforms DT900 and DT900S Series all versions allows an attacker to execute any command on the device. | 9.8 |
| 2023-11-29 | CVE-2023-23325 | OS Command Injection vulnerability in Zumtobel Netlink CCD Firmware 3.80 Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter. | 9.8 |
| 2023-11-28 | CVE-2023-4221 | OS Command Injection vulnerability in Chamilo LMS Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters. | 8.8 |
| 2023-11-28 | CVE-2023-4222 | OS Command Injection vulnerability in Chamilo LMS Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters. | 8.8 |