CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,571 vulnerabilities with CWE-77
CVE-2019-12591
MEDIUM
NETGEAR Insight < 5.6 - Authenticated Command Injection
CVSS 6.8
CVE-2019-10854
HIGH
Computrols CBAS < 19.0.0 - Authenticated Command Injection
CVSS 8.8
CVE-2019-1780
MEDIUM
Cisco NX-OS and FXOS - Authenticated Command Injection via CLI Arguments
CVSS 6.7
CVE-2019-1795
MEDIUM
Cisco NX-OS <8.2(3) & Firepower <2.0.1.201 - Authenticated CLI Command Injection
CVSS 6.7
CVE-2019-1791
MEDIUM
Cisco NX-OS 5.2-6.2(25) - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1790
MEDIUM
Cisco NX-OS 5.2-6.2(25) - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1784
MEDIUM
Cisco NX-OS < 7.3(5)n1(1) - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1783
MEDIUM
Cisco NX-OS < 7.3(4)n1(1) - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1782
MEDIUM
Cisco FXOS and NX-OS - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1781
MEDIUM
Cisco FXOS and NX-OS - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1779
MEDIUM
Cisco FXOS and NX-OS - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1735
HIGH
Cisco NX-OS < 8.3(1) - Authenticated Command Injection via CLI Argument
CVSS 7.8
CVE-2019-10640
HIGH
GitLab < 11.7.10, 11.8.x < 11.8.6, 11.9.x < 11.9.4 - Resource Consumption via .gitlab-ci.yml
CVSS 7.5
CVE-2019-6689
HIGH
Dillon Kane Tidal Workload Automation Agent 3.2.0.5 - Command Injection via Tidal Job Buffers Parameters
CVSS 7.8
CVE-2019-11217
CRITICAL
Bonobo Git Server < 6.5.0 - Remote Code Execution via GitController
CVSS 9.8
CVE-2019-11076
CRITICAL
Cribl UI 1.5.0 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2019-6579
CRITICAL
Spectrum Power 4 - Unauthenticated Remote Code Execution via Web Office Portal
CVSS 9.8
CVE-2019-5424
HIGH
Ubiquiti Networks EdgeSwitch X <1.1.0 - Command Injection
CVSS 8.8
CVE-2019-6552
CRITICAL
Advantech WebAccess < 8.3.5 - Remote Code Execution via Improper Input Validation
CVSS 9.8
CVE-2019-5420
CRITICAL
Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability
CVSS 9.8
CVE-2019-9743
HIGH
PHOENIX CONTACT RAD-80211-XD - Command Injection
CVSS 8.8
CVE-2019-9059
HIGH
CMS Made Simple < 2.2.8 - Authenticated Command Injection via Mail Settings
CVSS 7.2
CVE-2019-7610
CRITICAL
Kibana < 5.6.15 - Remote Code Execution via Security Audit Logger
CVSS 9.0
CVE-2019-7537
CRITICAL
Donfig 0.3.0 - Remote Code Execution via collect_yaml Method
CVSS 9.8
CVE-2019-6275
HIGH
GL.iNet GL-AR300M-Lite Firmware 2.27 - Remote Command Injection via firmware_cgi
CVSS 8.8
Details
Vulnerabilities: 3,571
Exploit Likelihood: High