392 matches found
Algo 8028 Control Panel 操作系统命令注入漏洞
The Algo 8028 Control Panel is a web configuration interface for an access control intercom system from Algo. An operating system command injection vulnerability exists in Algo 8028 Control Panel version 3.3.3, which stems from the presence of command injection in the fm-data.lua endpoint, which...
PT-2026-2456
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...
CVE-2019-18647
The Untangle NG firewall 14.2.0 is vulnerable to an authenticated command injection when logged in as an admin user...
CVE-2025-23052
Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system...
PT-2026-1669
Name of the Vulnerable Software and Affected Versions FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 Description The FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection issue. An attacker with valid credentials can execute shell commands wit...
CVE-2017-20215 FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 Authenticated OS Command Injection
FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complet...
Cayin Signage Media Player 操作系统命令注入漏洞
Cayin Signage Media Player is a series of electronic signage playback terminals from Cayin, a Taiwan-based company. An operating system command injection vulnerability exists in Cayin Signage Media Player version 3.0, which originates from an authenticated remote command injection vulnerability i...
CVE-2021-47745
CVE-2021-47745 affects Cypress Solutions CTM-200 firmware 2.7.1. The authenticated command injection occurs in the firmware upgrade script via the fw_url parameter in ctm-config-upgrade.sh, allowing a remote attacker to inject and execute arbitrary commands with root privileges. CVSS metrics indi...
EUVD-2022-55933
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' paramete...
CVE-2022-50793
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' paramete...
CVE-2022-50793
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' paramete...
CVE-2022-50793 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authenticated Command Injection via www-data-handler.php
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' paramete...
CVE-2022-50793 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authenticated Command Injection via www-data-handler.php
SOUND4 IMPACT/FIRST/PULSE/Eco =2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' paramete...
PT-2025-54241
Name of the Vulnerable Software and Affected Versions SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and earlier Description The software contains an authenticated command injection issue in the www-data-handler.php script. Attackers can inject system commands through the services POST parameter...
CVE-2019-25243 FaceSentry 6.4.8 Authenticated Remote Command Injection via Ping Test
FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort'...
CVE-2025-43876
CVE-2025-43876 affects Johnson Controls iSTAR family (Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2). It is described as an authenticated web application command injection impacting get8021xSettings, with a root cause leading to unauthorized device access under certain circumstances. Publ...
CVE-2025-66210
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute...
CVE-2025-66213
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions...
CVE-2025-66212 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Dynamic Proxy Configuration Filename
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions t...
CVE-2025-66212 Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Dynamic Proxy Configuration Filename
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions t...