Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-09-22 CVE-2023-43129 OS Command Injection vulnerability in Dlink Dir-806 Firmware 100Cnb11
D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters.
network
low complexity
dlink CWE-78
critical
9.8
2023-09-22 CVE-2023-43130 OS Command Injection vulnerability in Dlink Dir-806 Firmware 100Cnb11
D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection.
network
low complexity
dlink CWE-78
critical
9.8
2023-09-22 CVE-2022-3874 OS Command Injection vulnerability in multiple products
A command injection flaw was found in foreman.
network
low complexity
redhat theforeman CWE-78
critical
9.1
2023-09-22 CVE-2023-23362 OS Command Injection vulnerability in Qnap QTS and Qutscloud
An OS command injection vulnerability has been reported to affect QNAP operating systems.
network
low complexity
qnap CWE-78
8.8
2023-09-20 CVE-2023-0118 OS Command Injection vulnerability in multiple products
An arbitrary code execution flaw was found in Foreman.
network
low complexity
theforeman redhat CWE-78
critical
9.1
2023-09-19 CVE-2022-47555 OS Command Injection vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware
Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor.
network
low complexity
ormazabal CWE-78
8.8
2023-09-15 CVE-2023-28614 OS Command Injection vulnerability in Freewillsolutions Smart Trade 20.01.01.04
Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page.
network
low complexity
freewillsolutions CWE-78
critical
9.8
2023-09-13 CVE-2022-35849 OS Command Injection vulnerability in Fortinet Fortiadc
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
network
low complexity
fortinet CWE-78
8.8
2023-09-13 CVE-2023-36642 OS Command Injection vulnerability in Fortinet Fortitester
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
local
low complexity
fortinet CWE-78
7.8
2023-09-06 CVE-2023-41149 OS Command Injection vulnerability in F-Revocrm 7.3.7/7.3.8
F-RevoCRM version7.3.7 and version7.3.8 contains an OS command injection vulnerability.
network
low complexity
f-revocrm CWE-78
critical
9.8