CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2020-36642 MEDIUM
trampgeek jobe <1.6.x - Command Injection
CVSS 5.5
CVE-2020-15685 HIGH
Thunderbird < 78.7.0 - Command Injection via STARTTLS Plaintext Phase
CVSS 8.8
CVE-2020-23584 CRITICAL
OPTILINK OP-XT71000N V2.2 - Unauthenticated Remote Code Execution via PingTest Parameter Command Injection
CVSS 9.8
CVE-2020-23583 CRITICAL
OPTILINK OP-XT71000N V2.2 - Remote Code Execution via PingTest Interface
CVSS 9.8
CVE-2020-7795 HIGH
get-npm-package-version <1.0.7 - Command Injection
CVSS 7.3
CVE-2020-28453 CRITICAL
npos-tesseract - OS Command Injection in lib/ocr.js
CVSS 9.4
CVE-2020-28451 CRITICAL
image-tiler < 2.0.2 - OS Command Injection
CVSS 9.8
CVE-2020-28437 CRITICAL
heroku-env - OS Command Injection in lib/get.js
CVSS 9.4
CVE-2020-28434 CRITICAL
gitblame - OS Command Injection via lib/gitblame.js
CVSS 9.4
CVE-2020-28433 HIGH
node-latex-pdf - OS Command Injection
CVSS 7.3
CVE-2020-28425 HIGH
curljs - OS Command Injection
CVSS 7.3
CVE-2020-28423 CRITICAL
monorepo-build - OS Command Injection
CVSS 9.8
CVE-2020-28447 CRITICAL
xopen - OS Command Injection via filepath Parameter
CVSS 9.8
CVE-2020-28446 CRITICAL
ntesseract < 0.2.9 - Command Injection via lib/tesseract.js
CVSS 9.8
CVE-2020-28445 CRITICAL
npm-help - OS Command Injection in export.latestVersion()
CVSS 9.8
CVE-2020-28443 CRITICAL
sonar-wrapper - OS Command Injection in lib/sonarRunner.js
CVSS 9.8
CVE-2020-28438 CRITICAL
deferred-exec - OS Command Injection via lib/deferred-exec.js
CVSS 9.8
CVE-2020-28436 HIGH
google-cloudstorage-commands - OS Command Injection via Unsanitized Input
CVSS 7.3
CVE-2020-28435 CRITICAL
ffmpeg-sdk - OS Command Injection via index.js
CVSS 9.4
CVE-2020-28422 MEDIUM
git-archive - Command Injection via Exports Function
CVSS 6.4
CVE-2020-36529 HIGH
SevOne Network Performance Management < 5.7.2.22 - Remote Command Injection in Traceroute Handler
CVSS 8.8
CVE-2020-14119 CRITICAL
Xiaomi AX3600 < 1.1.12 - OS Command Injection via addMeshNode Interface
CVSS 9.8
CVE-2020-14109 HIGH
Xiaomi AX3600 Firmware <= 1.1.12 - OS Command Injection in meshd Program
CVSS 7.2
CVE-2020-19151 HIGH
Jfinal CMS <4.7.1 - Command Injection
CVSS 8.8
CVE-2020-26300 MEDIUM
systeminformation <4.26.2 - Command Injection
CVSS 5.9