diff --git a/actions/admin/settings/125.cronjob.php b/actions/admin/settings/125.cronjob.php
index 99291c59..a04a8394 100644
--- a/actions/admin/settings/125.cronjob.php
+++ b/actions/admin/settings/125.cronjob.php
@@ -44,6 +44,7 @@ return [
 'settinggroup' => 'system',
 'varname' => 'croncmdline',
 'type' => 'text',
+ 'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
 'default' => '/usr/bin/nice -n 5 /usr/bin/php -q',
 'save_method' => 'storeSettingField'
 ],
@@ -52,6 +53,7 @@ return [
 'settinggroup' => 'system',
 'varname' => 'crondreload',
 'type' => 'text',
+ 'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
 'default' => '/etc/init.d/cron reload',
 'save_method' => 'storeSettingField'
 ],
diff --git a/actions/admin/settings/130.webserver.php b/actions/admin/settings/130.webserver.php
index 4e7cead4..9b4d6a42 100644
--- a/actions/admin/settings/130.webserver.php
+++ b/actions/admin/settings/130.webserver.php
@@ -305,6 +305,7 @@ return [
 'settinggroup' => 'system',
 'varname' => 'apachereload_command',
 'type' => 'text',
+ 'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
 'default' => '/etc/init.d/apache2 reload',
 'save_method' => 'storeSettingField'
 ],
@@ -313,6 +314,7 @@ return [
 'settinggroup' => 'system',
 'varname' => 'phpreload_command',
 'type' => 'text',
+ 'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
 'default' => '',
 'save_method' => 'storeSettingField',
 'websrv_avail' => [
diff --git a/actions/admin/settings/160.nameserver.php b/actions/admin/settings/160.nameserver.php
index ad51acce..e9d929b5 100644
--- a/actions/admin/settings/160.nameserver.php
+++ b/actions/admin/settings/160.nameserver.php
@@ -78,6 +78,7 @@ return [
 'settinggroup' => 'system',
 'varname' => 'bindreload_command',
 'type' => 'text',
+ 'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
 'default' => '/etc/init.d/bind9 reload',
 'save_method' => 'storeSettingField'
 ],
diff --git a/actions/admin/settings/180.dkim.php b/actions/admin/settings/180.dkim.php
index 23fbc7cc..fd08534b 100644
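Review bot: In 125.cronjob.php the new `string_regexp` for `croncmdline` ends in `$` without the `D` modifier, and PCRE lets `$` match just before a trailing newline, so a value ending in a line feed still passes the allow-list. Anchoring with `\z` closes that gap: `'string_regexp' => '/^[a-z0-9\/\._\- ]+\z/i',`. The same pattern is added for `crondreload`, `apachereload_command`, `phpreload_command`, `bindreload_command`, `dkimrestart_command` and both `reload_cmd` checks in FpmDaemons.php, so the change applies to all eight occurrences. How these values are later handed to a shell is not visible in the diff, so the practical effect of a trailing newline is unconfirmed.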
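Review bot: In 130.webserver.php the pattern added to `phpreload_command` requires at least one character (`+`), while the field's `default` on the next line is the empty string. If the settings validator applies `string_regexp` to empty input, saving the form with this field left blank would now be rejected; the validator is outside this diff, so that needs checking. If so, either mark the field as allowed to be empty (Froxlor text fields have a `string_emptyallowed` flag, assuming it is honoured for this field) or use `*` instead of `+` for this one setting. The array entry continues past the end of the hunk (`'websrv_avail' => [`).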
--- a/actions/admin/settings/180.dkim.php
+++ b/actions/admin/settings/180.dkim.php
@@ -135,6 +135,7 @@ return [
 'settinggroup' => 'dkim',
 'varname' => 'dkimrestart_command',
 'type' => 'text',
+ 'string_regexp' => '/^[a-z0-9\/\._\- ]+$/i',
 'default' => '/etc/init.d/dkim-filter restart',
 'save_method' => 'storeSettingField'
 ]
diff --git a/lib/Froxlor/Api/Commands/FpmDaemons.php b/lib/Froxlor/Api/Commands/FpmDaemons.php
index 32b3ff29..a0577ad4 100644
--- a/lib/Froxlor/Api/Commands/FpmDaemons.php
+++ b/lib/Froxlor/Api/Commands/FpmDaemons.php
@@ -202,7 +202,7 @@ class FpmDaemons extends ApiCommand implements ResourceEntity
 // validation
 $description = Validate::validate($description, 'description', Validate::REGEX_DESC_TEXT, '', [], true);
- $reload_cmd = Validate::validate($reload_cmd, 'reload_cmd', '', '', [], true);
+ $reload_cmd = Validate::validate($reload_cmd, 'reload_cmd', '/^[a-z0-9\/\._\- ]+$/i', '', [], true);
 $sel_stmt = Database::prepare("SELECT `id` FROM `".TABLE_PANEL_FPMDAEMONS."` WHERE `reload_cmd` = :rc");
 $dupcheck = Database::pexecute_first($sel_stmt, ['rc' => $reload_cmd]);
 if ($dupcheck && $dupcheck['id']) {
@@ -327,7 +327,7 @@ class FpmDaemons extends ApiCommand implements ResourceEntity
 // validation
 $description = Validate::validate($description, 'description', Validate::REGEX_DESC_TEXT, '', [], true);
- $reload_cmd = Validate::validate($reload_cmd, 'reload_cmd', '', '', [], true);
+ $reload_cmd = Validate::validate($reload_cmd, 'reload_cmd', '/^[a-z0-9\/\._\- ]+$/i', '', [], true);
 $sel_stmt = Database::prepare("SELECT `id` FROM `".TABLE_PANEL_FPMDAEMONS."` WHERE `reload_cmd` = :rc");
 $dupcheck = Database::pexecute_first($sel_stmt, ['rc' => $reload_cmd]);
 if ($dupcheck && $dupcheck['id'] != $id) {
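Review bot: The `reload_cmd` check at line 202 of FpmDaemons.php passes the pattern as an inline literal, one line below a call that uses the named constant `Validate::REGEX_DESC_TEXT`; the same literal appears eight times across this commit. Defining it once on `Validate` and referencing it here and in the hunk at line 327 keeps the copies from drifting when the allow-list is tightened later, for example `const REGEX_RELOAD_CMD = '/^[a-z0-9\/\._\- ]+$/i';` (the name is only a suggestion). A comment beside it should state the intent: `// command settings: letters, digits, '/', '.', '_', '-' and space only, so no shell metacharacters`. The enclosing method starts and ends outside the hunk.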
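Review bot: The update path at line 327 of FpmDaemons.php validates `reload_cmd` only when a row is written, so a value stored before this change is not covered by the new allow-list until someone edits that daemon. Presumably the same holds for the six settings fields, since `string_regexp` looks like a form-level check. An upgrade step that re-checks the stored values against the pattern and reports those that fail, or a second check at the point where the command is run, would cover installations that already hold a non-conforming value. Neither the execution site nor any migration is visible in this diff, and the method body continues outside the hunk.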