Oinone Pamirs Command Injection Vulnerability Allowing Arbitrary OS Command Execution
Vulnerability
A command injection vulnerability has been identified in Oinone Pamirs version 7.0.0, specifically within the CommandHelper.executeCommands method. This vulnerability allows for arbitrary execution of operating system commands. The issue arises because the method initiates a shell process and directly writes attacker-controlled command strings to the process's standard input without any form of sanitization or validation. As a result, any application functionality that passes untrusted input to this method can be exploited to execute commands on the operating system with the same privileges as the running service.
Impact
Exploitation of this vulnerability could lead to unauthorized execution of operating system commands, potentially allowing an attacker to manipulate files, access sensitive information, or execute further malicious actions on the server.
Remediation
Users can upgrade to Oinone Pamirs version 7.2.3, where this vulnerability has been fixed.
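The pattern described under Vulnerability, set beside a shell-free alternative. This is an added example, not Oinone Pamirs source code: the class name, method names, allowlist entries and executable paths are all hypothetical, and unsafeRun only sketches the behaviour the advisory describes.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

public class SafeCommandRunner {
    // Hypothetical allowlist: logical action name -> fixed executable path (assumed Linux paths).
    private static final Map<String, String> ALLOWED = Map.of("list", "/bin/ls", "disk", "/bin/df");
    // Conservative argument charset; no leading '-' so a value cannot be parsed as an option.
    private static final Pattern SAFE_ARG = Pattern.compile("[A-Za-z0-9_./][A-Za-z0-9_./-]{0,127}");

    // Sketch of the pattern the advisory describes (never called here):
    // whatever is written to the shell's stdin is interpreted as shell syntax.
    static Process unsafeRun(String commands) throws IOException {
        Process shell = new ProcessBuilder("/bin/sh").start();
        try (OutputStream in = shell.getOutputStream()) {
            in.write((commands + "\n").getBytes(StandardCharsets.UTF_8));
        }
        return shell;
    }

    // Hardened form: the caller picks an action, never an executable, and each
    // argument is validated before it enters the argument vector.
    static List<String> buildArgv(String action, List<String> args) {
        String exe = ALLOWED.get(action);
        if (exe == null) throw new IllegalArgumentException("action not allowed: " + action);
        List<String> argv = new ArrayList<>();
        argv.add(exe);
        for (String a : args) {
            if (!SAFE_ARG.matcher(a).matches()) throw new IllegalArgumentException("rejected argument");
            argv.add(a);
        }
        return argv;
    }

    // No shell is involved: ProcessBuilder passes argv to the executable verbatim.
    static int safeRun(String action, List<String> args) throws IOException, InterruptedException {
        return new ProcessBuilder(buildArgv(action, args)).inheritIO().start().waitFor();
    }

    public static void main(String[] unused) throws Exception {
        System.out.println("exit code: " + safeRun("disk", List.of("/tmp")));
        try {
            buildArgv("list", List.of("/tmp; echo x")); // constructed input with a shell metacharacter
        } catch (IllegalArgumentException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Call sites that still reach a shell-backed helper with request-derived strings are the ones to review first, since they run with the service's privileges.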
