Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-10039

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-31 Jul, 2025 | 14:55
Updated At-15 May, 2026 | 11:14
Rejected At-
Credits

GestioIP 3.0 ip_checkhost.cgi RCE

A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deployment configuration.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:31 Jul, 2025 | 14:55
Updated At:15 May, 2026 | 11:14
Rejected At:
▼CVE Numbering Authority (CNA)
GestioIP 3.0 ip_checkhost.cgi RCE

A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deployment configuration.

Affected Products
Vendor
GestioIP
Product
IPAM
Modules
  • ip_checkhost.cgi
Default Status
unaffected
Versions
Affected
  • From 0 before 3.0 commit ac67be (custom)
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Type: CWE
CWE ID: CWE-78
Description: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Metrics
VersionBase scoreBase severityVector
4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-88CAPEC-88 OS Command Injection
CAPEC ID: CAPEC-88
Description: CAPEC-88 OS Command Injection
Solutions

Configurations

Workarounds

Exploits

Credits

finder
bperry
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/gestioip_exec.rb
exploit
https://sourceforge.net/p/gestioip/gestioip/ci/ac67be9fce5ee4c0438d27dfa5c1dcbca08c457c/
patch
https://sourceforge.net/projects/gestioip/
product
https://www.vulncheck.com/advisories/gestioip-rce
third-party-advisory
Hyperlink: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/gestioip_exec.rb
Resource:
exploit
Hyperlink: https://sourceforge.net/p/gestioip/gestioip/ci/ac67be9fce5ee4c0438d27dfa5c1dcbca08c457c/
Resource:
patch
Hyperlink: https://sourceforge.net/projects/gestioip/
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/gestioip-rce
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:31 Jul, 2025 | 15:15
Updated At:31 Jul, 2025 | 18:42

A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on the server via embedded base64-encoded payloads. Authentication may be required depending on deployment configuration.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-78Secondarydisclosure@vulncheck.com
CWE ID: CWE-78
Type: Secondary
Source: disclosure@vulncheck.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/gestioip_exec.rbdisclosure@vulncheck.com
N/A
https://sourceforge.net/p/gestioip/gestioip/ci/ac67be9fce5ee4c0438d27dfa5c1dcbca08c457c/disclosure@vulncheck.com
N/A
https://sourceforge.net/projects/gestioip/disclosure@vulncheck.com
N/A
https://www.vulncheck.com/advisories/gestioip-rcedisclosure@vulncheck.com
N/A
Hyperlink: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/gestioip_exec.rb
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://sourceforge.net/p/gestioip/gestioip/ci/ac67be9fce5ee4c0438d27dfa5c1dcbca08c457c/
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://sourceforge.net/projects/gestioip/
Source: disclosure@vulncheck.com
Resource: N/A
Hyperlink: https://www.vulncheck.com/advisories/gestioip-rce
Source: disclosure@vulncheck.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

85Records found

CVE-2026-28797
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.39% / 30.62%
||
7 Day CHG~0.00%
Published-03 Apr, 2026 | 21:41
Updated-22 Apr, 2026 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Processing (StringTransform) and Message components. These components use Python's jinja2.Template (unsandboxed) to render user-supplied templates, allowing any authenticated user to execute arbitrary operating system commands on the server. At time of publication, there are no publicly available patches.

Action-Not Available
Vendor-infiniflowinfiniflow
Product-ragflowragflow
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2022-50793
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-2.79% / 84.67%
||
7 Day CHG~0.00%
Published-30 Dec, 2025 | 22:41
Updated-13 Jan, 2026 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Authenticated Command Injection via www-data-handler.php

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an authenticated command injection vulnerability in the www-data-handler.php script that allows attackers to inject system commands through the 'services' POST parameter. Attackers can exploit this vulnerability by crafting malicious 'services' parameter values to execute arbitrary system commands with www-data user privileges.

Action-Not Available
Vendor-sound4SOUND4 Ltd.Kantar Media
Product-wm2_firmwarepulse_eco_firmwareimpact_ecowm2pulseimpact_eco_firmwarefirstimpact_firmwarebig_voice2_firmwarefirst_firmwarepulse_ecostream_extensionimpactpulse_firmwarebig_voice4_firmwarebig_voice2big_voice4Impact/Pulse/FirstBigVoice4StreamWM2Impact/Pulse EcoBigVoice2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-25855
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.57% / 43.02%
||
7 Day CHG~0.00%
Published-08 Jun, 2026 | 16:49
Updated-08 Jun, 2026 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenBullet2 0.3.2 Authenticated RCE via FileProxySource Script Upload

OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.bat.ps1.sh) through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources, causing the server to execute the scripts and return output as proxy lines, resulting in arbitrary command execution on the host as the process user.

Action-Not Available
Vendor-openbullet
Product-openbullet2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-25108
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.7||HIGH
EPSS-4.97% / 91.15%
||
7 Day CHG~0.00%
Published-13 Feb, 2026 | 03:39
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2026-03-17||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command.

Action-Not Available
Vendor-Soliton Systems K.K.Soliton Systems K.K
Product-FileZenFileZen
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-25044
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.47% / 37.08%
||
7 Day CHG~0.00%
Published-03 Apr, 2026 | 15:38
Updated-08 Apr, 2026 | 21:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Budibase: Command Injection in Bash Automation Step

Budibase is an open-source low-code platform. Prior to version 3.33.4, the bash automation step executes user-provided commands using execSync without proper sanitization or validation. User input is processed through processStringSync which allows template interpolation, potentially allowing arbitrary command execution. This issue has been patched in version 3.33.4.

Action-Not Available
Vendor-budibaseBudibase
Product-budibasebudibase
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-23678
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-1.22% / 65.14%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 15:03
Updated-27 Feb, 2026 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Binardat 10G08-0800GSM Network Switch Traceroute CLI Command Injection

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the %1a character into the hostname parameter, an authenticated attacker with access to the web interface can execute arbitrary CLI commands on the device.

Action-Not Available
Vendor-binardatBinardat Ltd.
Product-10g08-0800gsm_firmware10g08-0800gsm10G08-0800GSM Network Switch
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-24788
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.7||HIGH
EPSS-1.33% / 67.62%
||
7 Day CHG~0.00%
Published-02 Feb, 2026 | 04:37
Updated-03 Feb, 2026 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product.

Action-Not Available
Vendor-RaspAP
Product-raspap-webgui
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-20759
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-8.7||HIGH
EPSS-1.50% / 71.23%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 08:16
Updated-16 Jan, 2026 | 15:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS Command Injection vulnerability exists in multiple Network Cameras TRIFORA 3 series provided by TOA Corporation, which may allow a logged-in user with the low("monitoring user") or higher privilege to execute an arbitrary OS command.

Action-Not Available
Vendor-TOA Corporation
Product-Multiple Network Cameras TRIFORA 3 series
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-1427
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.7||HIGH
EPSS-1.29% / 66.75%
||
7 Day CHG~0.00%
Published-26 Jan, 2026 | 08:06
Updated-11 Mar, 2026 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WellChoose|Single Sign-On Portal System - OS Command Injection

Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

Action-Not Available
Vendor-wellchooseWellChoose
Product-single_sign-on_portal_systemSingle Sign-On Portal System
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2016-15047
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-4.00% / 89.28%
||
7 Day CHG~0.00%
Published-09 Oct, 2025 | 21:10
Updated-07 Apr, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AVTECH CloudSetup.cgi Authenticated Command Injection

AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The `exefile` parameter in CloudSetup.cgi is passed to the underlying system command execution without proper validation or whitelisting. An authenticated attacker who can invoke this endpoint can supply crafted input to execute arbitrary system commands as root. Successful exploitation grants full control of the device, and - depending on deployment and whether the device stores credentials or has network reachability to internal systems - may enable credential theft, lateral movement, or data exfiltration. The archived SEARCH-LAB disclosure implies that this vulnerability was remediated in early 2017, but AVTECH has not defined an affected version range.

Action-Not Available
Vendor-AVTECH SECURITY Corporation
Product-IP Camera, NVR, and DVR Devices
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-0854
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.7||HIGH
EPSS-1.03% / 59.37%
||
7 Day CHG~0.00%
Published-12 Jan, 2026 | 05:58
Updated-13 Jan, 2026 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Merit LILIN|NVR - OS Command Injection

Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

Action-Not Available
Vendor-Merit LILIN
Product-NVR3416DVR716NVR5208ENVR5416ENVR5832SDVR816NVR2400LNVR3816DVR808DVR804NVR200LNVR1400LNVR3216NVR100LNVR3416rNVR400LNVR5104ENVR5832DH032DVR708
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-1428
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.7||HIGH
EPSS-1.27% / 66.20%
||
7 Day CHG~0.00%
Published-26 Jan, 2026 | 08:14
Updated-11 Mar, 2026 | 22:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WellChoose|Single Sign-On Portal System - OS Command Injection

Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.

Action-Not Available
Vendor-wellchooseWellChoose
Product-single_sign-on_portal_systemSingle Sign-On Portal System
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2026-0855
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.7||HIGH
EPSS-1.08% / 61.08%
||
7 Day CHG~0.00%
Published-12 Jan, 2026 | 06:44
Updated-16 Jan, 2026 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Merit LILIN|IP Camera - OS Command Injection

Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.

Action-Not Available
Vendor-Merit LILIN
Product-LDLRIPRP3P6Z7IPDV1P2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-34873
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.7||HIGH
EPSS-0.39% / 30.72%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 00:00
Updated-28 May, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5.2.0.61, the tcpdump feature does not properly validate input, which allows authenticated users to execute code.

Action-Not Available
Vendor-MOBOTIX
Product-Mx6P3
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-6562
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.7||HIGH
EPSS-0.94% / 56.54%
||
7 Day CHG~0.00%
Published-26 Jun, 2025 | 12:12
Updated-26 Jun, 2025 | 18:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hunt Electronic Hybrid DVR - OS Command Injection

Certain hybrid DVR models (HBF-09KD and HBF-16NK) from Hunt Electronic have an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary OS commands and execute them on the device.

Action-Not Available
Vendor-Hunt Electronic
Product-Hybrid DVR
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2015-10145
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.63% / 45.77%
||
7 Day CHG~0.00%
Published-31 Dec, 2025 | 20:48
Updated-23 Mar, 2026 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gargoyle 1.5.x Authenticated OS Command Execution via run_commands.sh

Gargoyle router management utility versions 1.5.x contain an authenticated OS command execution vulnerability in /utility/run_commands.sh. The application fails to properly restrict or validate input supplied via the 'commands' parameter, allowing an authenticated attacker to execute arbitrary shell commands on the underlying system. Successful exploitation may result in full compromise of the device, including unauthorized access to system files and execution of attacker-controlled commands.

Action-Not Available
Vendor-gargoyle-routerGargoyle
Product-gargoyleGargoyle Router Management Utility
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-57799
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-1.26% / 65.96%
||
7 Day CHG~0.00%
Published-01 Sep, 2025 | 15:46
Updated-02 Sep, 2025 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
StreamVault can perform remote command execution

StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands, execute command injection attacks against the system, and ultimately gain server privileges. Users of all versions of the StreamVault system to date who have not modified their background passwords or use weak passwords are at risk of having their systems taken over via remote command execution. This issue has been patched in version 250822.

Action-Not Available
Vendor-lemon8866
Product-StreamVault
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-43876
Matching Score-4
Assigner-Johnson Controls
ShareView Details
Matching Score-4
Assigner-Johnson Controls
CVSS Score-8.7||HIGH
EPSS-0.27% / 17.96%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 15:27
Updated-29 Dec, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - get8021xSettings

Under certain circumstances a successful exploitation could result in access to the device.

Action-Not Available
Vendor-Johnson Controls
Product-iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2iSTAR Ultra, iSTAR Ultra SE
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-34312
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-2.30% / 81.17%
||
7 Day CHG~0.00%
Published-28 Oct, 2025 | 14:37
Updated-03 Nov, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IPFire < v2.29 Command Injection via URL Filter Blacklist

IPFire versions prior to 2.29 (Core Update 198) contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the 'nobody' user via the BE_NAME parameter when installing a blacklist. When a blacklist is installed the application issues an HTTP POST to /cgi-bin/urlfilter.cgi and interpolates the value of BE_NAME directly into a shell invocation without appropriate sanitation. Crafted input can inject shell metacharacters, leading to arbitrary command execution in the context of the 'nobody' user.

Action-Not Available
Vendor-ipfireIPFire.org
Product-ipfireIPFire
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-34311
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-13.78% / 96.06%
||
7 Day CHG~0.00%
Published-28 Oct, 2025 | 14:43
Updated-03 Nov, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IPFire < v2.29 Command Injection via Proxy Report Creation

IPFire versions prior to 2.29 (Core Update 198) contain a command injection vulnerability that allows an authenticated attacker to execute arbitrary commands as the user 'nobody' via multiple parameters when creating a Proxy report. When a user creates a Proxy report the application issues an HTTP POST to /cgi-bin/logs.cgi/calamaris.dat and reads the values of DAY_BEGIN, MONTH_BEGIN, YEAR_BEGIN, DAY_END, MONTH_END, YEAR_END, NUM_DOMAINS, PERF_INTERVAL, NUM_CONTENT, HIST_LEVEL, NUM_HOSTS, NUM_URLS, and BYTE_UNIT, which are interpolated directly into the shell invocation of the mkreport helper. Because these parameters are never sanitized for improper characters or constructs, a crafted POST can inject shell metacharacters into one or more fields, causing arbitrary commands to run with the privileges of the 'nobody' user.

Action-Not Available
Vendor-ipfireIPFire.org
Product-ipfireIPFire
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-34335
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-2.56% / 83.20%
||
7 Day CHG~0.00%
Published-19 Nov, 2025 | 16:24
Updated-11 Dec, 2025 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via ActivateLicense.php

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by AudioCodes_files/ActivateLicense.php. When a license file is uploaded, the application derives a new filename by combining a generated base name with the attacker-controlled extension portion of the original upload name, then constructs a command line for fax_server_lic_cmdline.exe that includes this path. The extension value is incorporated into the command string without input validation, escaping, or proper argument quotation before being passed to exec(). An authenticated user with access to the license upload interface can supply a specially crafted filename whose extension injects additional shell metacharacters, causing arbitrary commands to be executed as NT AUTHORITY\\SYSTEM.

Action-Not Available
Vendor-audiocodesAudioCodes Limited
Product-interactive_voice_responsefax_serverAudioCodes Fax/IVR Appliance
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-34113
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-2.10% / 79.45%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 13:09
Updated-15 May, 2026 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tiki Wiki CMS Authenticated Command Injection in Calendar Module

An authenticated command injection vulnerability exists in Tiki Wiki CMS versions ≤14.1, ≤12.4 LTS, ≤9.10 LTS, and ≤6.14 via the `viewmode` GET parameter in `tiki-calendar.php`. When the calendar module is enabled and an authenticated user has permission to access it, an attacker can inject and execute arbitrary PHP code. Successful exploitation leads to remote code execution in the context of the web server user.

Action-Not Available
Vendor-Tiki Software Community Association
Product-Wiki CMS Groupware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-34115
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-2.32% / 81.39%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 13:04
Updated-15 May, 2026 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OP5 Monitor <= 7.1.9 Authenticated Command Execution via command_test.php

An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmd_str' parameter in the command_test.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web application user. The vulnerability resides in the configuration section of the application and requires valid login credentials with access to the command testing functionality. This issue is fixed in version 7.2.0.

Action-Not Available
Vendor-ITRS Group
Product-OP5 Monitor
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-34116
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-1.14% / 62.64%
||
7 Day CHG~0.00%
Published-15 Jul, 2025 | 13:02
Updated-15 May, 2026 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IPFire < 2.19 Core Update 101 proxy.cgi RCE

A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.

Action-Not Available
Vendor-IPFire Project
Product-IPFire
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-34129
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-1.08% / 60.97%
||
7 Day CHG~0.00%
Published-16 Jul, 2025 | 21:26
Updated-15 May, 2026 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LILIN DVR RCE via Malicious FTP/NTP Configuration

A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields in the service configuration. An attacker with access to the configuration interface can upload a malicious XML file with injected shell commands in these fields. Upon subsequent configuration syncs, these commands are executed with elevated privileges. This vulnerability was exploited in the wild by the Moobot botnets.

Action-Not Available
Vendor-Merit LILIN
Product-DVR Firmware
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-43875
Matching Score-4
Assigner-Johnson Controls
ShareView Details
Matching Score-4
Assigner-Johnson Controls
CVSS Score-8.7||HIGH
EPSS-0.27% / 19.24%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 15:19
Updated-29 Dec, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - getOptionsInfo

Under certain circumstances a successful exploitation could result in access to the device.

Action-Not Available
Vendor-Johnson Controls
Product-iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2iSTAR Ultra, iSTAR Ultra SE
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-43873
Matching Score-4
Assigner-Johnson Controls
ShareView Details
Matching Score-4
Assigner-Johnson Controls
CVSS Score-8.7||HIGH
EPSS-0.27% / 17.96%
||
7 Day CHG~0.00%
Published-17 Dec, 2025 | 15:53
Updated-18 Dec, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - setFaultDebounce

Successful exploitation of these vulnerabilities could allow an attacker to modify firmware and gain full access to the device.

Action-Not Available
Vendor-Johnson Control
Product-iSTAR Ultra, iSTAR Ultra SE, iSTAR Ultra G2, iSTAR Ultra G2 SE, iSTAR Edge G2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-34514
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-2.07% / 79.14%
||
7 Day CHG~0.00%
Published-16 Oct, 2025 | 17:56
Updated-15 May, 2026 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ilevia EVE X1 Server 4.7.18.0.eden Authenticated Command Injection

Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec() and allow an authenticated attacker to execute arbitrary commands. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet.

Action-Not Available
Vendor-ileviaIlevia Srl.
Product-eve_x1_server_firmwareeve_x1_serverEVE X1 Server
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-34334
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-3.12% / 86.25%
||
7 Day CHG~0.00%
Published-19 Nov, 2025 | 16:23
Updated-11 Dec, 2025 | 21:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via TestFax.php & LPE

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodes_files/TestFax.php. When a fax "send" test is requested, the application builds a faxsender command line using attacker-supplied parameters and passes it to GlobalUtils::RunBatchFile without proper validation or shell-argument sanitization. The resulting batch file is written into a temporary run directory and then executed via a backend service that runs as NT AUTHORITY\\SYSTEM. An authenticated attacker with access to the fax test interface can craft parameter values that inject additional shell commands into the generated batch file, leading to arbitrary command execution with SYSTEM privileges. In addition, because the generated batch files reside in a location with overly permissive file system permissions, a local low-privilege user on the server can modify pending batch files to achieve the same elevation.

Action-Not Available
Vendor-audiocodesAudioCodes Limited
Product-interactive_voice_responsefax_serverAudioCodes Fax/IVR Appliance
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-36910
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-1.28% / 66.44%
||
7 Day CHG~0.00%
Published-06 Jan, 2026 | 15:52
Updated-08 Jan, 2026 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cayin Signage Media Player 3.0 Authenticated Remote Command Injection via NTP Parameter

Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard_system.cgi pages. Attackers can exploit the 'NTP_Server_IP' parameter with default credentials to execute arbitrary shell commands as root.

Action-Not Available
Vendor-CAYIN Technology Co.
Product-SMP-8000QDSMP-300SMP-PROPLUSSMP-1000SMP-2000SMP-2310SMP-2200SMP-NEO2SMP-WEBPLUSSMP-200SMP-8000SMP-6000SMP-NEOSMP-4000SMP-2100SMP-WEB4SMP-2300SMP-2210SMP-PRO4
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-37002
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.65% / 46.78%
||
7 Day CHG~0.00%
Published-29 Jan, 2026 | 14:28
Updated-25 May, 2026 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ajenti 2.1.36 Authenticated Remote Code Execution

Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port.

Action-Not Available
Vendor-Ajenti Project
Product-Ajenti
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2020-36867
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-2.65% / 83.77%
||
7 Day CHG+0.23%
Published-30 Oct, 2025 | 21:37
Updated-17 Nov, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nagios XI < 5.7.3 Command Injection in Report PDF Download

Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped, allowing an authenticated attacker who can trigger PDF exports to inject shell metacharacters or arguments.

Action-Not Available
Vendor-Nagios Enterprises, LLC
Product-nagios_xiXI
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-25243
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-2.33% / 81.41%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 19:27
Updated-30 Dec, 2025 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FaceSentry 6.4.8 Authenticated Remote Command Injection via Ping Test

FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort' parameters.

Action-Not Available
Vendor-iwtiWT Ltd.
Product-facesentry_access_control_systemfacesentry_access_control_system_firmwareFaceSentry Access Control System
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-25289
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-1.69% / 74.21%
||
7 Day CHG~0.00%
Published-07 Jan, 2026 | 23:10
Updated-23 Mar, 2026 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
INIM Electronics SmartLiving SmartLAN/G/SI <=6.x Remote Command Execution

SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary system commands with root privileges using default credentials.

Action-Not Available
Vendor-INIM Electronics s.r.l.
Product-SmartLiving SmartLAN/G/SI
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2019-25255
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.38% / 30.06%
||
7 Day CHG~0.00%
Published-24 Dec, 2025 | 19:28
Updated-29 Dec, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
VideoFlow Digital Video Protection DVP 2.10 Authenticated Remote Code Execution

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated remote code execution vulnerability that allows attackers to execute system commands with root privileges. Attackers can exploit the vulnerability through a cross-site request forgery (CSRF) mechanism to gain unauthorized system access.

Action-Not Available
Vendor-VideoFlow Ltd.
Product-VideoFlow Digital Video Protection DVP
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
  • Previous
  • 1
  • 2
  • Next
Details not found