CVE-2023-42136

HIGH Year: 2023
CVSS v3 Score
7.8
High
Weakness Type
CWE-77
View all →

Vulnerability Description

PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this vulnerability.

Related Vulnerabilities

CVE-2010-4345

HIGH
CVSS:7.8(High)

Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary comma...

CWE-772010

CVE-2014-1834

HIGH
CVSS:7.8(High)

The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to inject arbitrary code by adding a semi-colon in their username or password.

CWE-772014

CVE-2014-4677

HIGH
CVSS:7.8(High)

The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters ...

CWE-772014

CVE-2014-5220

HIGH
CVSS:7.8(High)

The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root.

CWE-772014

CVE-2014-9114

HIGH
CVSS:7.8(High)

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

CWE-772014

CVE-2015-2210

HIGH
CVSS:7.8(High)

The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command she...

CWE-772015