CVE-2022-48255

CVE-2022-48255 concerns a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325 (Huawei printer). The underlying issue is command injection that could allow remote code execution. Documented impact is remote code execution with network access and no user interaction required. Connect...

Sme.UP ERP TOKYO V6R1M220406 操作系统命令注入漏洞

Sme.UP ERP is a management software developed by Sme.UP Italy to meet the needs of its customers. A security vulnerability exists in Sme.UP ERP TOKYO V6R1M220406 version, which originates from the presence of an operating system command injection vulnerability...

CVE-2022-48255

There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution...

CVE-2022-48259

The CVE-2022-48259 entry concerns Huawei BiSheng-WNM FW 3.0.0.325. The connected docs confirm a system command injection vulnerability that can lead to higher privileges. Attack vector is network-based (AV:N) with low attack complexity and no user interaction required, resulting in high impact to...

CVE-2022-48255

There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. A Huawei printer has a system command injection vulnerability. Successful exploitation could lead to remote code execution...

CVE-2022-48259

There is a system command injection vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could allow attackers to gain higher privileges...

Korenix Technology Korenix JetWave 命令注入漏洞

Korenix Technology Korenix JetWave is a family of wireless access points from Korenix Technology. A security vulnerability exists in Korenix Technology Korenix JetWave 4200 Series version 1.3.0, JetWave 3000 Series version 1.6.0. An attacker can exploit the vulnerability to execute commands as ro...

SUSE CVE-2021-36100

Specially crafted string in OTRS system configuration can allow the execution of any system command...

CVE-2023-0830 EasyNAS backup.pl system os command injection

A vulnerability classified as critical has been found in EasyNAS 1.1.0. Affected is the function system of the file /backup.pl. The manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is...

CVE-2023-24523

Summary: CVE-2023-24523 affects SAP Host Agent (Start Service) version 7.21 and 7.22. A non-admin user with local access can trigger ConfigureOutsideDiscovery to execute an OS command with administrator privileges, enabling read/modify of any user or system data and potentially making the system ...

PT-2023-1391 · Schneider Electric · Struxureware Data Center Expert

Name of the Vulnerable Software and Affected Versions: StruxureWare Data Center Expert versions 7.9.2 and prior Description: A CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could allow a user that knows the credentials t...

PT-2023-6843 · Easynas · Easynas

Name of the Vulnerable Software and Affected Versions: EasyNAS version 1.1.0 Description: A critical vulnerability has been found in the function system of the file /backup.pl, leading to os command injection. The manipulation can be launched remotely, and the exploit has been disclosed to the...

FreshTomato 操作系统命令注入漏洞

FreshTomato is a Linux-based open source firmware from FreshTomato Open Source. The firmware provides a variety of features for Broadcom-based routers. A security vulnerability exists in FreshTomato version 2022.5 that stems from the presence of operating system command injection, which can be...

CVE-2022-42491

Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is...

Control Web Panel OS Command Injection Exploitation Increases After POC Release

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary On January 3, 2023, a security researcher published a proof-of-concept exploit for a vulnerability in Control Web Panel CWP that allows unauthenticated remote code execution. By January 6, the...

OrangeScrum 操作系统命令注入漏洞

Orangescrum is a project and task management software tool that also provides productivity tools for work organization and team collaboration. Orangescrum suffers from an operating system command injection vulnerability that originates when the application injects an attacker-controlled parameter...

CVE-2022-3091

RONDS EPM version 1.19.5 has a vulnerability in which a function could allow unauthenticated users to leak credentials. In some circumstances, an attacker can exploit this vulnerability to execute operating system OS commands...

Multiple vulnerabilities in PIXELA PIX-RT100

Overview PIX-RT100 provided by PIXELA CORPORATION contains multiple vulnerabilities listed below. OS command injection CWE-78 - CVE-2023-22304 Backdoor access issue CWE-912 - CVE-2023-22316 MASAHIRO IIDA of LAC Co.,Ltd. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the develop...

CVE-2022-48252

The jokob-sk/Pi.Alert fork before 22.12.20 of Pi.Alert allows Remote Code Execution via nmapscan.php scan parameter OS Command Injection...

MAHO-PBX NetDevancer series 操作系统命令注入漏洞

The MAHO-PBX NetDevancer series is an IP-PBX system from MAHO-PBX Japan. A security vulnerability exists in the MAHO-PBX NetDevancer, which is caused by an operating system command injection in the Management screen, and can be exploited by a remote attacker to execute arbitrary operating system...