CWE-78 (Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)) — Vulnerability Class 2675

2675 vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-37937 | Fortinet FortiSwitch OS command injection vulnerability — FortiSwitch | 7.6 | High | 2025-01-14 |
| CVE-2024-56497 | Fortinet FortiMail and FortiRecorder OS command injection vulnerability — FortiMail | 6.5 | Medium | 2025-01-14 |
| CVE-2024-50566 | Fortinet FortiManager OS command injection vulnerability — FortiManager | 7.2 | High | 2025-01-14 |
| CVE-2025-20055 | STEALTHONE D220 and STEALTHONE D340 OS command injection vulnerability — STEALTHONE D220 | 9.8 | Critical | 2025-01-14 |
| CVE-2025-20016 | Multiple STEALTHONE products OS command injection vulnerability — STEALTHONE D220 | 7.2 | High | 2025-01-14 |
| CVE-2025-0107 | Expedition: OS Command Injection Vulnerability — Cloud NGFW | 10.0 | - | 2025-01-11 |
| CVE-2024-12847 | NETGEAR DGN setup.cgi OS Command Injection — DGN1000 | 9.8 | Critical | 2025-01-10 |
| CVE-2024-43653 | Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station — Iocharger firmware for AC models | 8.8 | - | 2025-01-09 |
| CVE-2024-43651 | Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station — Iocharger firmware for AC models | 8.8 | - | 2025-01-09 |
| CVE-2024-43649 | Authenticated command injection via <redacted>.exe <redacted> parameter — Iocharger firmware for AC models | 8.8 | - | 2025-01-09 |
| CVE-2024-43654 | Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station — Iocharger firmware for AC models | 8.8 | - | 2025-01-09 |
| CVE-2024-43657 | When uploading new firmware, a shell script inside a firmware file is executed during its processing. This can be used to craft a custom firmware file with a custom script with arbitrary code, which will then be executed on the charging station. — Iocharger firmware for AC models | 7.8 | - | 2025-01-09 |
| CVE-2024-43656 | A backup can be manipulated and then restored to create arbitrary files inside the <redacted> directory. A CGI script can be added to the web directory this way, allowing for full remote code execution. — Iocharger firmware for AC models | 8.8 | - | 2025-01-09 |
| CVE-2024-43648 | Authenticated command injection via <redacted>.exe <redacted> parameter — Iocharger firmware for AC models | 8.8 | - | 2025-01-09 |
| CVE-2024-43652 | Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station — Iocharger firmware for AC chargers | 8.8 | - | 2025-01-09 |
| CVE-2024-43650 | Authenticated command injection in the <redacted> action leads to full remote code execution as root on the charging station — Iocharger firmware for AC models | 8.8 | - | 2025-01-09 |
| CVE-2024-43655 | Any authenticated users can execute OS commands as root using the <redacted>.sh CGI script. — Iocharger firmware for AC models | 6.6 | - | 2025-01-09 |
| CVE-2024-50603 | Aviatrix Controller OS command injection vulnerability — Controller | 10.0 | Critical | 2025-01-08 |
| CVE-2024-11681 | Remote Code Execution in MacPorts — MacPorts | 8.4 | - | 2025-01-07 |
| CVE-2024-12970 | OS Command Injection in TUBITAK BILGEM's Pardus OS My Computer — Pardus OS My Computer | 3.9 | Low | 2025-01-06 |
| CVE-2024-13129 | Roxy-WI roxy.py action_service os command injection — Roxy-WI | 8.8 | High | 2025-01-03 |
| CVE-2024-9140 | Multiple MOXA products security vulnerability — EDR-8010 Series | 9.8 | Critical | 2025-01-03 |
| CVE-2024-56137 | MaxKB RCE vulnerability in function library — MaxKB | 6.8 | Medium | 2025-01-02 |
| CVE-2024-12828 | Webmin CGI Command Injection Remote Code Execution Vulnerability — Webmin | 8.8 | - | 2024-12-30 |
| CVE-2024-54181 | IBM WebSphere Automation command injection — WebSphere Automation | 7.2 | High | 2024-12-30 |
| CVE-2024-47919 | Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') — CMS | 9.8 | Critical | 2024-12-30 |
| CVE-2024-47918 | Tiki Wiki CMS – CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) — CMS | 6.1 | Medium | 2024-12-30 |
| CVE-2024-12856 | Four-Faith Industrial Router adjust_sys_time OS Command Injection — F3x24 | 7.2 | High | 2024-12-27 |
| CVE-2024-12987 | DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupload os command injection — Vigor2960 | 7.3 | High | 2024-12-27 |
| CVE-2024-12986 | DrayTek Vigor2960/Vigor300B Web Management Interface apmcfgupptim os command injection — Vigor2960 | 7.3 | High | 2024-12-27 |

Vulnerabilities classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)) represent 2675 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.