Vulnerabilities > Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-09 | CVE-2022-48584 | OS Command Injection vulnerability in Sciencelogic SL1: A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command. | 8.8 |
2023-08-09 | CVE-2023-38208 | OS Command Injection vulnerability in Adobe Commerce: Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. | 7.2 |
2023-08-09 | CVE-2023-37861 | OS Command Injection vulnerability in Phoenixcontact products: In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device. | 8.8 |
2023-08-09 | CVE-2023-37863 | OS Command Injection vulnerability in Phoenixcontact products: In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device. | 7.2 |
2023-08-08 | CVE-2023-37569 | OS Command Injection vulnerability in Esds.Co Emagic Data Center Management: This vulnerability exists in ESDS Emagic Data Center Management Suite due to lack of input sanitization in its Ping component. | 8.8 |
2023-08-08 | CVE-2023-3570 | OS Command Injection vulnerability in Phoenixcontact products: In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device. | 8.8 |
2023-08-08 | CVE-2023-3571 | OS Command Injection vulnerability in Phoenixcontact products: In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with low privileges may use a specific HTTP POST related to certificate operations to gain full access to the device. | 8.8 |
2023-08-08 | CVE-2023-3572 | OS Command Injection vulnerability in Phoenixcontact products: In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request related to date/time operations to gain full access to the device. | 10.0 |
2023-08-08 | CVE-2023-3573 | OS Command Injection vulnerability in Phoenixcontact products: In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10, a remote attacker with low privileges may use a command injection in an HTTP POST request related to font configuration operations to gain full access to the device. | 8.8 |
2023-08-04 | CVE-2023-33374 | OS Command Injection vulnerability in Connectedio Connected IO: Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. | 9.8 |