CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,571 vulnerabilities with CWE-77
CVE-2019-16305 HIGH
MobaXterm 11.1-12.1 - Command Injection
CVSS 8.8
CVE-2019-9254 HIGH
Android 10 - Local Privilege Escalation via Improper Input Validation in zygote.java
CVSS 7.8
CVE-2019-7989 HIGH
Adobe Photoshop CC <20.0.5 - Command Injection
CVSS 8.8
CVE-2019-7968 CRITICAL
Adobe Photoshop CC <20.0.5 - Command Injection
CVSS 9.8
CVE-2019-8060 CRITICAL
Adobe Acrobat and Reader DC < 19.012.20036 - Command Injection
CVSS 9.8
CVE-2019-12104 HIGH
TP-Link M7350 V3 <190531 - Command Injection
CVSS 8.8
CVE-2019-12805 HIGH
NC Launcher2 < 2.4.1.691 - Remote Code Execution via Custom Protocol Handler
CVSS 8.8
CVE-2019-14745 HIGH
radare2 < 3.7.0 - Command Injection via Crafted Executable Symbol Names
CVSS 7.8
CVE-2019-1010174 CRITICAL
CImg Library <2.3.3 - Command Injection
CVSS 9.8
CVE-2019-7850 CRITICAL
Adobe Campaign Classic <18.10.5-8984 - Command Injection
CVSS 9.8
CVE-2019-1923 MEDIUM
Cisco SPA500 Series IP Phones < 7.6.2sr5 - Authenticated Arbitrary Command Execution via USB Storage Device
CVSS 6.6
CVE-2019-11535 CRITICAL
Linksys WiFi Extender <1.2.04.022 - RCE
CVSS 9.8
CVE-2019-5446 HIGH
EdgeMAX EdgeSwitch <1.8.2 - Command Injection
CVSS 7.2
CVE-2019-1893 HIGH
Cisco Enterprise NFV Infrastructure Software - Command Injection
CVSS 7.8
CVE-2019-6622 HIGH
BIG-IP 11.5.1-14.1.0.5 Authenticated Command Injection via iControl REST
CVSS 7.2
CVE-2019-13152 HIGH
TRENDnet TEW-827DRU Firmware < 2.05B11 - Authenticated Command Injection via Add Gaming Rule IP Address
CVSS 8.8
CVE-2019-13150 HIGH
TRENDnet TEW-827DRU Firmware < 2.05b11 - Authenticated Command Injection via apply.cgi ip_addr Parameter
CVSS 8.8
CVE-2019-13148 HIGH
TRENDnet TEW-827DRU Firmware < 2.05B11 - Authenticated Command Injection via UDP Ports To Open in Add Gaming Rule
CVSS 8.8
CVE-2019-13024 HIGH
Centreon 18.x < 18.10.6, 19.x < 19.04.3 - Authenticated Remote Code Execution via Monitoring Engine Binary Configuration
CVSS 8.8
CVE-2019-1624 HIGH
Cisco SD-WAN < 18.4.0 - Authenticated Command Injection via vManage Web UI
CVSS 8.8
CVE-2019-1623 MEDIUM
Cisco Meeting Server 2.2.0-2.2.13 - Authenticated OS Command Injection via CLI Configuration Shell
CVSS 6.7
CVE-2019-7839 CRITICAL
ColdFusion <Update 3 - Command Injection
CVSS 9.8
CVE-2019-12786 HIGH
D-Link DIR-818LW 2.05.B03-2.06B01 BETA - OS Command Injection via HNAP1 SetWanSettings IPAddress XML Injection
CVSS 8.8
CVE-2019-5390 CRITICAL
HPE IMC PLAT <7.3 - Command Injection
CVSS 9.8
CVE-2019-6739 HIGH
Malwarebytes Antimalware 3.6.1.2711 - Remote Code Execution via URI Scheme Handling
CVSS 8.8
Details
Vulnerabilities 3,571
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits