CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,572 vulnerabilities with CWE-77
CVE-2017-4918 CRITICAL
VMware Horizon View Client <4.5.0 - Command Injection
CVSS 9.8
CVE-2017-6650 HIGH
Cisco NX-OS 7.1-7.3 - Authenticated Command Injection via Telnet CLI
CVSS 7.8
CVE-2017-6649 HIGH
Cisco NX-OS 7.1-7.3 - Authenticated Command Injection via CLI Arguments
CVSS 7.8
CVE-2017-6048 HIGH
Satel Iberia SenNet Data Logger and Electricity Meters - Command Injection
CVSS 8.8
CVE-2017-2324 MEDIUM
Juniper Networks NorthStar Controller <2.1.0 SP1 - Command Injection
CVSS 5.3
CVE-2017-7722 CRITICAL
SolarWinds LEM <6.3.1 Hotfix 4 - RCE
CVSS 10.0
CVE-2017-7689 CRITICAL
Schneider Electric homeLYnk Controller <1.5.0 - Command Injection
CVSS 9.8
CVE-2017-6184 MEDIUM
Sophos Web Appliance < 4.3.1.2 - Remote Command Injection via Report Token Parameter
CVSS 4.7
CVE-2017-6183 HIGH
Sophos Web Appliance < 4.3.1.2 - Remote Command Injection via Active Directory Configuration Utility
CVSS 7.2
CVE-2017-5675 HIGH
GoAhead - OS Command Injection via Mail Form Receiver Field
CVSS 8.8
CVE-2016-15057 CRITICAL
Apache Continuum - Command Injection
CVSS 9.9
CVE-2016-20017 CRITICAL KEV
D-Link DSL-2750B <1.05 - Command Injection
CVSS 9.8
CVE-2016-4991 CRITICAL
nodepdf 1.3.0 - Command Injection via Improper Shell Escape
CVSS 9.8
CVE-2016-10849 MEDIUM
cPanel 11.48.0.5-11.48.5.2 - Command Injection via scripts/secureit
CVSS 6.5
CVE-2016-10843 HIGH
cPanel 11.48.0.5-11.48.5.2 - Remote Code Execution via JSON-API
CVSS 8.1
CVE-2016-10762 HIGH
CampTix Event Ticketing < 1.5.0 - CSV Injection via Export Tool
CVSS 7.5
CVE-2016-10760 CRITICAL
Seowon Intech SWR-300A/B/C/BG Firmware - OS Command Injection via ping_ipaddr Parameter
CVSS 9.8
CVE-2016-1000282 CRITICAL
Haraka < 2.8.8 - OS Command Injection via Attachment Processing Plugin
CVSS 9.8
CVE-2016-10729 HIGH
Amanda 3.3.1 - Authenticated Command Injection via runtar Binary Argument Manipulation
CVSS 7.8
CVE-2016-9044 HIGH
WebFOCUS Business Intelligence Portal 8.1 - Command Injection
CVSS 8.8
CVE-2016-8628 HIGH
Ansible < 2.2.0 - Remote Code Execution via Fact Variable Injection
CVSS 7.6
CVE-2016-6558 CRITICAL
ASUS RP-AC52 <1.0.1.1s - Command Injection
CVSS 9.8
CVE-2016-7076 MEDIUM
sudo < 1.8.18 - Privilege Escalation via wordexp() Argument Bypass
CVSS 6.4
CVE-2016-8523 HIGH
HPE Smart Storage Administrator <2.60.18.0 - RCE
CVSS 8.8
CVE-2016-5397 HIGH
Apache Thrift < 0.10.0 - Command Injection via Code Generation
CVSS 8.8