CWE-77

Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component ‘jfinal_cms/admin/filemanager/list’.

Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component ‘simiki/blob/master/simiki/config.py’.

Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the “text color” field of the component ‘/admin/web_config.php’.

An issue in Dut Computer Control Engineering Co.’s PLC MAC1100 allows attackers to execute arbitrary code.

An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field.

GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands.