402 matches found
CVE-2025-50193 Chamilo: OS command Injection in /plugin/vchamilo/views/import.php with the POST to_main_database parameter
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This issue has been patched in version 1.11.30...
CVE-2026-28517
CVE-2026-28517: openDCIM 23.04 (through commit 4467e9c4) contains an OS command injection in report_network_map.php. The app reads the database-sourced fac_Config.dot value and passes it directly to exec() without validation, enabling an attacker who can modify that value to execute arbitrary co...
EUVD-2026-9010
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. This issue affects Frick Controls Quantum HD version 10.22 and prior...
openDCIM OS Command Injection Vulnerability
openDCIM is an open-source data center inventory management (DCIM) application. Version 23.04 of openDCIM contains a vulnerability related to operating system command injection. This vulnerability stems from the lack of validation or cleanup of user input in the report_network_map.php file, which may...
WordPress plugin WPGraphQL OS Command Injection Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...
GO-2026-4547 OliveTin: OS Command Injection via `password` argument type and webhook JSON extraction bypasses shell safety checks in github.com/OliveTin/OliveTin
OliveTin: OS Command Injection via password argument type and webhook JSON extraction bypasses shell safety checks in github.com/OliveTin/OliveTin...
Zyxel EX3301-T0 OS Command Injection Vulnerability
The Zyxel EX3301-T0 is a security routing gateway produced by the Chinese company Zyxel. Versions of the Zyxel EX3301-T0 prior to 5.50ABVY.7C0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the log file download function, where command...
InSAT MasterSCADA BUK-TS OS Command Injection Vulnerability
InSAT MasterSCADA BUK-TS is an industrial automation control component developed by the Russian company InSAT. InSAT MasterSCADA BUK-TS has a vulnerability related to OS command injection. This vulnerability stems from the presence of OS command injection in the MMadmServ Web interface fields,...
PT-2026-21800
Name of the Vulnerable Software and Affected Versions: InSAT MasterSCADA BUK-TS (affected versions not specified). Description: The software is susceptible to OS command injection through a field in its MMadmServ web interface. This allows attackers to potentially execute remote code. The vulnerabilit...
CVE-2026-2847
A vulnerability was detected in UTT HiPER 520 1.7.7-160105. Affected is the function sub44EFB4 of the file /goform/formReleaseConnect of the component Web Management Interface. The manipulation of the argument IspName results in os command injection. The attack can be launched remotely. The explo...
PT-2026-21285
Name of the Vulnerable Software and Affected Versions: PROLiNK PRC2402M versions prior to 2021-06-13. Description: The PROLiNK PRC2402M router firmware contains a flaw that allows for arbitrary OS command execution. The issue resides in the live api.cgi script when handling the page=satellite list...
kodbox OS Command Injection Vulnerability
Kodbox is a network file manager developed by the individual developer Warlee. Versions of Kodbox 1.64.05 and earlier had a vulnerability related to operating system command injection. This vulnerability stemmed from an improper handling of the localFile parameter in the run function of the Media...
CVE-2026-25108
FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command...
CVE-2026-2184 Great Developers Certificate Generation System csv.php os command injection
A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os command injection. The attack can be...
CVE-2026-2155
The CVE-2026-2155 entry concerns D-Link DIR-823X (version 250416) and the Configuration Handler’s /goform/set_dmz component. The flaw resides in function sub_4208A0, where manipulating the arguments dmz_host/dmz_enable enables operating system command injection. This allows remote execution of co...
CVE-2026-2120 D-Link DIR-823X Configuration Parameter set_server_settings os command injection
A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of the argument terminaladdr/serverip/serverport leads to os command injection. The attack may be...
UTT 521G OS Command Injection Vulnerability
UTT 521G is a router produced by the Chinese company Aite UTT. The version UTT 521G 3.1.1-190816 contains a vulnerability related to operating system command injection. This vulnerability arises from improper handling of the parameter policyNames in the function sub446B18 within the...
PT-2026-6988
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823X version 250416. Description: A security issue exists in D-Link DIR-823X version 250416. The sub 4175CC function within the /goform/set static route table file is susceptible to OS command injection. Manipulation of the interface,...
Claude Code OS Command Injection Vulnerability
Claude Code is an open-source terminal-native AI programming tool developed by Anthropic. Versions of Claude Code prior to 2.0.55 contained a vulnerability related to operating system command injection. This vulnerability stemmed from insufficient validation of commands that utilized the echo...
Gogs OS Command Injection Vulnerability
Gogs (Go Git Service) is a Go-based self-service Git hosting service developed by the Gogs team. It supports creating and migrating public/private repositories, as well as adding and removing repository collaborators. Gogs versions 0.13.3 and earlier had an operating system command injection...