
1222 matches found

OSV
added 2021/08/30 7:15 p.m., 9 views

CVE-2021-34066

An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml file" vulnerability that can allow attackers to execute system commands by uploading a maliciously constructed YAML file...

9.8 CVSS, 7.2 AI score
Exploits: 0, References: 1
Prion
added 2021/08/30 7:15 p.m., 11 views

Deserialization of untrusted data

An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml file" vulnerability that can allow attackers to execute system commands by uploading a maliciously constructed YAML file...

10 CVSS, 9.4 AI score, 0.01962 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/08/30 6:31 p.m., 13 views

CVE-2021-34066

An issue was discovered in EdgeGallery/developer before v1.0. There is a "Deserialization of yaml file" vulnerability that can allow attackers to execute system commands by uploading a maliciously constructed YAML file...

9.8 AI score, 0.01962 EPSS
Exploits: 1, References: 1
CNNVD
added 2021/08/30 12:0 a.m., 3 views

DRK Odenwaldkreis Testerfassung OS Command Injection Vulnerability

DRK Odenwaldkreis Testerfassung is an open source solution for obtaining and documenting corona antigen rapid test results. DRK Odenwaldkreis Testerfassung March-2021 has an operating system command injection vulnerability, which originates in the application's results.php Shell metacharacter injecti...

9.3 CVSS, 8 AI score, 0.01462 EPSS
Exploits: 1, References: 2
OSV
added 2021/08/20 7:15 p.m., 1 views

CVE-2021-28634

Acrobat Reader DC versions 2021.005.20054 and earlier, 2020.004.30005 and earlier and 2017.011.30197 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command. An authenticated attacker could leverage this vulnerability to achieve arbitrary code execution on...

8.2 CVSS, 6.3 AI score
Exploits: 0, References: 1
CNVD
added 2021/08/18 12:0 a.m., 12 views

ProLink PRC2402M Command Injection Vulnerability (CNVD-2021-68447)

ProLink PRC2402M is a router from ProLink Singapore. A command injection vulnerability exists in the setsyscmd function in the adm.cgi binary file of ProLink PRC2402M 1.0.18 and prior versions. An attacker could exploit this vulnerability to cause command injection by passing the command paramete...

7.5 CVSS, 4.7 AI score, 0.02621 EPSS
Exploits: 1, Affected Software: 1
PyPA
added 2021/08/16 8:15 a.m., 5 views

PYSEC-2021-116

This affects the package bikeshed before 3.0.0. This can occur when an untrusted source file containing Inline Tag Command metadata is processed. When an arbitrary OS command is executed, the command output would be included in the HTML output...

7.8 CVSS, 7.2 AI score, 0.00789 EPSS
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2021/08/12 6:15 p.m., 4 views

CVE-2021-36982

AIMANAGER before B115 on MONITORAPP Application Insight Web Application Firewall AIWAF devices with Manager 2.1.0 allows OS Command Injection because of missing input validation on one of the parameters of an HTTP request...

8.1 CVSS, 7.3 AI score, 0.02466 EPSS
Exploits: 0, References: 3
0day.today
added 2021/08/12 12:0 a.m., 139 views

COVID19 Testing Management System 1.0 - (searchdata) SQL Injection Vulnerability

Exploit Title: COVID19 Testing Management System 1.0 - 'searchdata' SQL Injection Google Dork: intitle: "COVID19 Testing Management System" Exploit Author: Ashish Upsham Vendor Homepage: https://phpgurukul.com Software Link:...

0.2 AI score
Exploits: 0
OSV
added 2021/08/06 2:15 p.m., 1 views

CVE-2021-36706

In ProLink PRC2402M V1.0.18 and older, the setsyscmd function in the adm.cgi binary, accessible with a page parameter value of sysCMD contains a trivial command injection where the value of the command parameter is passed directly to system...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 1
OSV
added 2021/07/26 9:21 p.m., 0 views

GHSA-H86X-MV66-GR5Q OS Command Injection in Locutus

php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution...

9.8 CVSS, 7.3 AI score, 0.02931 EPSS
Exploits: 0, References: 4
CVE
added 2021/07/20 6:45 p.m., 52 views

CVE-2020-25206

CVE-2020-25206 affects Mimosa B5/B5c/C5x firmware up to 2.8.0.2. The web console exposes authenticated command injection in Throughput.php, WANStats.php, PhyStats.php, and QosStats.php endpoints, enabling an attacker with web-console access to execute OS commands and take full control of the devi...

9 CVSS, 7.3 AI score, 0.05312 EPSS
Exploits: 1, References: 3, Affected Software: 1
Packet Storm
added 2021/07/15 12:0 a.m., 297 views

osCommerce 2.3.4.1 Remote Code Execution

Exploit Title: osCommerce 2.3.4.1 - Remote Code Execution 2 Vulnerability: Remote Command Execution when /install directory wasn't removed by the admin Exploit: Exploiting the install.php finish process by injecting php payload into the dbdatabase parameter & read the system command output from...

0.2 AI score
Exploits: 0
0day.today
added 2021/07/15 12:0 a.m., 107 views

osCommerce 2.3.4.1 - Remote Code Execution Exploit (2)

Exploit Title: osCommerce 2.3.4.1 - Remote Code Execution 2 Vulnerability: Remote Command Execution when /install directory wasn't removed by the admin Exploit: Exploiting the install.php finish process by injecting php payload into the dbdatabase parameter & read the system command output from...

7.4 AI score
Exploits: 0
CNNVD
added 2021/07/08 12:0 a.m., 3 views

Aruba ClearPass Policy Manager Command Injection Vulnerability

Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a wireless network security access management system. Aruba ClearPass Policy Manager suffers from a command injection vulnerability that originates from the product not doing security checks on user input data, which...

6.5 CVSS, 5.9 AI score, 0.01246 EPSS
Exploits: 0, References: 1
CNNVD
added 2021/07/08 12:0 a.m., 2 views

MDT AutoSave OS Command Injection Vulnerability

MDT AutoSave is a software application. It provides an automated change management function. An operating system command injection vulnerability exists in MDT AutoSave, which stems from the application's API not validating data effectively, allowing an attacker to execute system commands by...

10 CVSS, 8.5 AI score, 0.0117 EPSS
Exploits: 0, References: 5
Huntr
added 2021/05/29 4:59 p.m., 9 views

OS Command Injection in falconchristmas/fpp

✍️ Description Hi, it is possible to inject arbitrary OS commands in https://github.com/FalconChristmas/fpp/blob/59b7f7e8039a7019143c2c4b44f7d95b6358a4ef/www/formatstorage.phpL24 php &1"; echo "Command: $command\n"; echo...

1.6 AI score
Exploits: 0
CNNVD
added 2021/05/27 12:0 a.m., 4 views

SonicWall NSM On-Prem OS Command Injection Vulnerability

SonicWall NSM On-Prem is an application from Sonicwall USA, Inc. It provides unlimited scalability to support thousands of SonicWall security appliances under its management. SonicWall NSM On-Prem suffers from an operating system command injection vulnerability that can be exploited by an attacke...

9 CVSS, 5.8 AI score, 0.11642 EPSS
Exploits: 1, References: 2
NVD
added 2021/05/24 11:15 a.m., 15 views

CVE-2021-24307

The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseotoolssettings" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore plugin's configuration by uploading a backup...

9 CVSS, 0.52577 EPSS
Exploits: 3, References: 2
Prion
added 2021/05/24 11:15 a.m., 23 views

Design/Logic Flaw

The All in One SEO – Best WordPress SEO Plugin – Easily Improve Your SEO Rankings before 4.1.0.2 enables authenticated users with "aioseotoolssettings" privilege (most of the time admin) to execute arbitrary code on the underlying host. Users can restore plugin's configuration by uploading a backup...

9 CVSS, 8.9 AI score, 0.52577 EPSS
Exploits: 3, References: 2, Affected Software: 1