5 matches found
EUVD-2022-55966
DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...
CVE-2022-50994
DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...
CVE-2022-50994 DrayTek Vigor 2960 < 1.5.1.4 OS Command Injection via mainfunction.cgi
DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...
DrayTek Vigor 2960 操作系统命令注入漏洞
The DrayTek Vigor 2960 is a router product developed by DrayTek Corporation. Versions prior to 1.5.1.4 of the DrayTek Vigor 2960 contained an operating system command injection vulnerability. This vulnerability stemmed from issues with OS command injection in the CGI login processing mechanism. I...
CVE-2026-7458
The User Verification by PickPlugins plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.46. This is due to the use of a loose PHP comparison operator to validate OTP codes in the "userverificationformwrapprocessotpLogin" function. This makes it...