CVE-2019-9507

HIGH Year: 2019
CVSS v3 Score
7.2
High
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-95
View all →

Vulnerability Description

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated with an administrator account to execute arbitrary commands as root.

Related Vulnerabilities

CVE-2023-0888

HIGH
CVSS:7.2(High)

An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access t...

CWE-952023

CVE-2024-10633

HIGH
CVSS:7.3(High)

The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0...

CWE-952024

CVE-2023-6735

HIGH
CVSS:7.8(High)

Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges

CWE-952023

CVE-2023-7101

HIGH
CVSS:7.8(High)

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated ...

CWE-952023

CVE-2023-7224

HIGH
CVSS:7.8(High)

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable

CWE-952023

CVE-2023-7245

HIGH
CVSS:7.8(High)

The nodejs framework in OpenVPN Connect 3.0 through 3.4.3 (Windows)/3.4.7 (macOS) was not properly configured, which allows a local user to execute arbitrary code within the nodejs process context via...

CWE-952023