Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

DATE CVE VULNERABILITY TITLE RISK
2023-09-19 CVE-2022-47555 OS Command Injection vulnerability in Ormazabal Ekorccp Firmware and Ekorrci Firmware
Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor.
network
low complexity
ormazabal CWE-78
8.8
2023-09-15 CVE-2023-28614 OS Command Injection vulnerability in Freewillsolutions Smart Trade 20.01.01.04
Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page.
network
low complexity
freewillsolutions CWE-78
critical
9.8
2023-09-13 CVE-2022-35849 OS Command Injection vulnerability in Fortinet Fortiadc
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
network
low complexity
fortinet CWE-78
8.8
2023-09-13 CVE-2023-36642 OS Command Injection vulnerability in Fortinet Fortitester
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
local
low complexity
fortinet CWE-78
7.8
2023-09-06 CVE-2023-41149 OS Command Injection vulnerability in F-Revocrm 7.3.7/7.3.8
F-RevoCRM version7.3.7 and version7.3.8 contains an OS command injection vulnerability.
network
low complexity
f-revocrm CWE-78
critical
9.8
2023-09-06 CVE-2023-31188 OS Command Injection vulnerability in Tp-Link Archer C50 V3 Firmware and Archer C55 Firmware
Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands.
low complexity
tp-link CWE-78
8.0
2023-09-06 CVE-2023-36489 OS Command Injection vulnerability in Tp-Link products
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands.
low complexity
tp-link CWE-78
8.8
2023-09-06 CVE-2023-38563 OS Command Injection vulnerability in Tp-Link Archer C1200 Firmware and Archer C9 Firmware
Archer C1200 firmware versions prior to 'Archer C1200(JP)_V2_230508' and Archer C9 firmware versions prior to 'Archer C9(JP)_V3_230508' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands.
low complexity
tp-link CWE-78
8.8
2023-09-06 CVE-2023-38568 OS Command Injection vulnerability in Tp-Link Archer A10 Firmware 230504
Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands.
low complexity
tp-link CWE-78
8.8
2023-09-06 CVE-2023-38588 OS Command Injection vulnerability in Tp-Link Archer C3150 Firmware
Archer C3150 firmware versions prior to 'Archer C3150(JP)_V2_230511' allows a network-adjacent authenticated attacker to execute arbitrary OS commands.
low complexity
tp-link CWE-78
8.0