Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-11 | CVE-2023-28381 | OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5 An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). | 8.8 |
| 2023-10-11 | CVE-2023-34356 | OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5 An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). | 8.8 |
| 2023-10-11 | CVE-2023-35193 | OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5 An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). | 8.8 |
| 2023-10-11 | CVE-2023-35194 | OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5 An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). | 8.8 |
| 2023-10-10 | CVE-2022-22298 | OS Command Injection vulnerability in Fortinet Fortiisolator A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters. | 7.8 |
| 2023-10-10 | CVE-2023-25607 | OS Command Injection vulnerability in Fortinet Fortiadc, Fortianalyzer and Fortimanager An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC 7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe usage of the wordexp function. | 7.8 |
| 2023-10-10 | CVE-2023-34985 | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | 8.8 |
| 2023-10-10 | CVE-2023-34986 | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | 8.8 |
| 2023-10-10 | CVE-2023-34987 | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | 8.8 |
| 2023-10-10 | CVE-2023-34988 | OS Command Injection vulnerability in Fortinet Fortiwlm A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | 8.8 |