CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,571 vulnerabilities with CWE-77
CVE-2019-6272 HIGH
GL.iNet GL-AR300M-Lite Firmware 2.27 - Remote Code Execution via login_cgi
CVSS 8.8
CVE-2019-5414 HIGH
kill-port < 1.3.2 - Command Injection
CVSS 8.1
CVE-2019-5413 CRITICAL
morgan < 1.9.1 - Remote Code Execution via Format Parameter Injection
CVSS 9.8
CVE-2019-1614 HIGH
Cisco NX-OS 8.2-8.3(2) - Authenticated Remote Code Execution via NX-API Command Injection
CVSS 8.8
CVE-2019-1613 MEDIUM
Cisco NX-OS - Authenticated Command Injection via CLI Arguments
CVSS 6.7
CVE-2019-1612 MEDIUM
Cisco NX-OS < 7.0(3)I7(6) - Authenticated OS Command Injection via CLI Arguments
CVSS 4.2
CVE-2019-1611 MEDIUM
Cisco NX-OS and FX-OS - Authenticated Command Injection via CLI Arguments
CVSS 6.7
CVE-2019-1610 MEDIUM
Cisco NX-OS 7.0(3)-7.0(3)I7(3) - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1609 MEDIUM
Cisco NX-OS 8.2-8.3(2) - Authenticated Command Injection via CLI Arguments
CVSS 6.7
CVE-2019-1608 MEDIUM
Cisco NX-OS 8.2-8.3(1) - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1607 MEDIUM
Cisco NX-OS 8.0-8.2(3) - Authenticated Command Injection via CLI Argument
CVSS 6.7
CVE-2019-1606 HIGH
Cisco NX-OS 7.0(3)I7-7.0(3)I7(4) - Authenticated Command Injection via CLI Arguments
CVSS 7.8
CVE-2019-3920 HIGH
Alcatel Lucent I-240W-Q GPON ONT 3FE54567BOZJ19 - Authenticated OS Command Injection via /GponForm/device_Form
CVSS 8.8
CVE-2019-3919 HIGH
Nokia I-240W-Q GPON ONT Firmware 3FE54567BOZJ19 - Authenticated OS Command Injection via USB Restore Script Endpoint
CVSS 8.8
CVE-2019-1000018 HIGH
rssh 2.3.4 - Authenticated Command Injection via allowscp Permission
CVSS 7.8
CVE-2019-3913 MEDIUM
LabKey Server Community Edition < 18.3.0-61806.763 - Authenticated Denial of Service via Drive Unmount Command
CVSS 4.9
CVE-2019-6986 HIGH
Vitro < 1.11.0 - Regular Expression Denial of Service via SPARQL Injection in URI Parameter
CVSS 7.5
CVE-2019-1646 HIGH
Cisco SD-WAN Solution - Authenticated Privilege Escalation via Local CLI Command Injection
CVSS 7.8
CVE-2019-0541 HIGH KEV
Internet Explorer - Remote Code Execution via MSHTML Engine Input Validation
CVSS 8.8
CVE-2018-19418 HIGH
Foxit PDF ActiveX <5.5.1 - Command Injection
CVSS 7.8
CVE-2018-14067 CRITICAL
Green Packet WiMax DV-360 2.10.14-g1.0.6.1 - Command Injection
CVSS 9.8
CVE-2018-19950 CRITICAL
QNAP Music Station < 5.3.11 - Remote Command Injection
CVSS 9.8
CVE-2018-19949 CRITICAL KEV
QNAP QTS < 4.2.6 - OS Command Injection
CVSS 9.8
CVE-2018-11106 CRITICAL
NETGEAR WC7500/WC7520/WC7600/WC9500 Firmware - Unauthenticated OS Command Injection via request_handler.php
CVSS 9.8
CVE-2018-0730 CRITICAL
QNAP QTS - OS Command Injection via File Station
CVSS 9.8