CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,572 vulnerabilities with CWE-77
CVE-2016-6270 HIGH
Trend Micro Virtual Mobile Infrastructure <5.1 - Command Injection
CVSS 8.8
CVE-2016-10182 CRITICAL
D-Link DWR-932B Firmware - OS Command Injection via qmiweb Backtick Handling
CVSS 9.8
CVE-2016-9554 HIGH
Sophos Web Appliance 4.2.1.3 - Remote Command Injection via MgrDiagnosticTools.php URL Parameter
CVSS 7.2
CVE-2016-9553 HIGH
Sophos Web Appliance 4.2.1.3 - Authenticated Remote Command Injection via MgrReport.php
CVSS 7.2
CVE-2016-7399 CRITICAL
Veritas NetBackup Appliance Firmware <=3.0.x - Remote Command Execution via hostName
CVSS 9.8
CVE-2016-10108 CRITICAL
Western Digital MyCloud unauthenticated command injection
CVSS 9.8
CVE-2016-10107 CRITICAL
Western Digital MyCloud NAS 2.11.142 - Command Injection
CVSS 9.8
CVE-2016-10074 CRITICAL
SwiftMailer < 5.4.5 - Remote Code Execution via Mail Command Parameter Injection
CVSS 9.8
CVE-2016-10045 CRITICAL
PHPMailer < 5.2.20 - Remote Code Execution via Sendmail Argument Injection
CVSS 9.8
CVE-2016-10034 CRITICAL
Zend Framework < 2.4.11 and zend-mail < 2.4.11 - Remote Code Execution via Sendmail Adapter setFrom Function
CVSS 9.8
CVE-2016-6656 HIGH
Pivotal Greenplum <4.3.10.0 - Command Injection
CVSS 7.2
CVE-2016-1000156 CRITICAL
mailcwp < 1.100 - Unauthenticated Remote File Upload
CVSS 9.8
CVE-2016-6609 HIGH
phpMyAdmin <4.6.4, <4.4.15.8, <4.0.10.17 - Code Injection
CVSS 8.8
CVE-2016-9835 CRITICAL
Zikula Framework 1.3.x < 1.3.11 and 1.4.x < 1.4.4 - Directory Traversal & PHP Object Injection
CVSS 9.8
CVE-2016-0328 HIGH
IBM Security Guardium Database Activity Monitor <10.1 - Privilege E...
CVSS 7.8
CVE-2016-0326 HIGH
IBM Rational Quality Manager <4.0.7-6.0.1 - RCE
CVSS 8.8
CVE-2016-0236 HIGH
IBM Security Guardium Database Activity Monitor <10.1 - Command Inj...
CVSS 8.8
CVE-2016-0920 HIGH
EMC Avamar Server <7.3.0-233 - Privilege Escalation
CVSS 7.8
CVE-2016-6367 HIGH KEV
Cisco ASA <8.4(1) - Privilege Escalation
CVSS 7.8
CVE-2016-2875 HIGH
IBM QRadar Security Information and Event Manager 7.1.x-7.2.x - Authenticated Remote Command Execution
CVSS 8.8
CVE-2016-5640 CRITICAL
Crestron AirMedia AM-100 <1.4.0.13 - Path Traversal
CVSS 9.8
CVE-2016-4822 HIGH
Corega CG-WLBARGL - Authenticated Remote Command Execution
CVSS 8.0
CVE-2016-1388 CRITICAL
Cisco Prime Network Analysis Module < 6.1(1) patch.6.1-2-final and 6.2.x < 6.2(1) - Remote Code Execution
CVSS 9.8
CVE-2016-3081 HIGH
Apache Struts 2.3.19-2.3.20.2, 2.3.21-2.3.24.1, 2.3.25-2.3.28 - Remote Code Execution via Dynamic Method Invocation
CVSS 8.1
CVE-2016-2332 HIGH
SysLINK SL-1000 Modular Gateway Firmware - Authenticated OS Command Injection via flu.cgi dnsmasq Parameter
CVSS 8.8