CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2020-18048 CRITICAL
CraigMS 1.0 - OS Command Injection via DB Name Field
CVSS 9.8
CVE-2020-19001 CRITICAL
Simiki <1.6.2.1 - Command Injection
CVSS 9.8
CVE-2020-18885 HIGH
phpmywind 5.6 - Remote Code Execution via Text Color Field in Web Config
CVSS 7.2
CVE-2020-29548 HIGH
SmarterMail <100.0.7537 - Info Disclosure
CVSS 8.1
CVE-2020-15955 MEDIUM
fehcom s/qmail < 4.0.07 - Command Injection via STARTTLS MitM
CVSS 5.9
CVE-2020-18758 CRITICAL
DCCE MAC1100 PLC Firmware - Remote Code Execution
CVSS 9.8
CVE-2020-36463 HIGH
multiqueue < 2020-12-25 - Unauthenticated Command Injection
CVSS 8.1
CVE-2020-36462 HIGH
syncpool < 0.1.6 - Unauthenticated Command Injection via Send Trait Implementation
CVSS 8.1
CVE-2020-36461 HIGH
Noise Search < 2020-12-10 - Command Injection
CVSS 8.1
CVE-2020-36459 HIGH
dces < 2020-12-09 - Unsound Send Implementation in World Type
CVSS 8.1
CVE-2020-36457 HIGH
lever < 0.1.1 - Unauthenticated Remote Code Execution via AtomicBox Send/Sync Trait Misuse
CVSS 8.1
CVE-2020-36456 HIGH
toolshed < 2020-11-15 - Command Injection via Unbounded Send Trait in CopyCell
CVSS 8.1
CVE-2020-36455 HIGH
slock < 0.2.0 - Unsafe Send and Sync Implementation
CVSS 8.1
CVE-2020-36451 HIGH
rcu_cell < 0.1.9 - Unconditional Send and Sync Implementation
CVSS 8.1
CVE-2020-36450 HIGH
bunch < 2020-11-12 - Unsound Send and Sync Implementation
CVSS 8.1
CVE-2020-36449 HIGH
kekbit < 0.3.4 - Unsound Send Implementation for ShmWriter
CVSS 8.1
CVE-2020-36448 HIGH
cache < 2020-11-24 - OS Command Injection
CVSS 8.1
CVE-2020-17759 HIGH
Evernote Client - Command Injection
CVSS 8.8
CVE-2020-21785 HIGH
IBOS 4.5.4 Open - OS Command Injection via Database Backup
CVSS 8.8
CVE-2020-10666 CRITICAL
Sangoma FreePBX/PBXact <15.0.19.2 - RCE
CVSS 9.8
CVE-2020-15180 CRITICAL
mariadb <10.1.47-10.5.6 - Command Injection
CVSS 9.0
CVE-2020-28908 CRITICAL
Nagios Fusion < 4.1.8 - Command Injection
CVSS 9.8
CVE-2020-28902 CRITICAL
Nagios Fusion <= 4.1.8 - Command Injection in cmd_subsys.php
CVSS 9.8
CVE-2020-28901 CRITICAL
Nagios Fusion < 4.1.8 - Command Injection via cmd_subsys.php
CVSS 9.8
CVE-2020-20951 CRITICAL
Pluck 4.7.10-dev2 - Remote Command Execution via File Upload
CVSS 9.8