CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,572 vulnerabilities with CWE-77
CVE-2016-2002 CRITICAL
HPE Vertica <7.0.2.12, <7.1.2-12, <7.2.2-1 - RCE
CVSS 9.8
CVE-2016-2056 HIGH
Xymon 4.1.x-4.3.x - Authenticated Command Injection via adduser_name Argument
CVSS 8.8
CVE-2016-2397 CRITICAL
Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 - Remote Code Execution via XML Deserialization
CVSS 9.8
CVE-2016-2396 CRITICAL
Dell SonicWALL GMS/Analyzer/UMA EM5000 7.2/8.0/8.1 - Authenticated RCE via GMS ViewPoint
CVSS 9.9
CVE-2016-0861 HIGH
General Electric GE Industrial Solutions UPS SNMP/Web Adapter <4.8 ...
CVSS 8.8
CVE-2015-20108 CRITICAL
ruby-saml < 1.0.0 - XPath Injection and Code Execution via Prepared Statement Bypass
CVSS 9.8
CVE-2015-10096 MEDIUM
Zarthus IRC Twitter Announcer Bot <1.1.0 - Command Injection
CVSS 5.0
CVE-2015-20107 HIGH
Python < 3.7.15 - Command Injection via mailcap Module
CVSS 7.6
CVE-2015-1877 HIGH
xdg-utils 1.1.0 rc1 - Command Injection via Crafted File Handling in open_generic_xdg_mime
CVSS 8.8
CVE-2015-7806 CRITICAL
WordPress Form Manager <1.7.3 - Code Injection
CVSS 9.8
CVE-2015-7841 CRITICAL
Huawei FusionServer - Info Disclosure
CVSS 9.8
CVE-2015-6971 HIGH
Lenovo System Update < 5.06.0034 - Privilege Escalation via Signed Executable Launch
CVSS 7.8
CVE-2015-5704 HIGH
devscripts <2.15.7 - Command Injection
CVSS 7.8
CVE-2015-2210 HIGH
Epicor CRS Retail Store < 3.2.03.01.008 - Local Code Execution via Help Window JavaScript Injection
CVSS 7.8
CVE-2015-2857 CRITICAL
Accellion File Transfer Appliance < 9_11_200 - Remote Code Execution via oauth_token Parameter
CVSS 9.8
CVE-2015-9059 CRITICAL
picocom < 1.8 - OS Command Injection via Send and Receive File Command
CVSS 9.8
CVE-2015-4046 HIGH
AlienVault OSSIM < 5.0 - Authenticated Remote Code Execution via Asset Discovery Scanner
CVSS 7.2
CVE-2015-8257 HIGH
AXIS network cameras - Command Injection
CVSS 8.8
CVE-2015-8988 HIGH
McAfee ePO Deep Command 2.1-2.2 - Authenticated Command Injection via Unquoted Executable Path
CVSS 8.8
CVE-2015-6024 CRITICAL
NetCommWireless HSPA 3G10WVE - Command Injection
CVSS 9.8
CVE-2015-8971 HIGH
Debian Linux - Command Injection
CVSS 7.8
CVE-2015-3441 HIGH
Genexis devices with DRGOS <1.14.1 - Command Injection
CVSS 8.8
CVE-2015-8969 CRITICAL
git-fastclone < 1.0.5 - Command Injection via Shell Command Arguments
CVSS 9.8
CVE-2015-8968 HIGH
git-fastclone < 1.0.1 - Remote Code Execution via .gitmodules
CVSS 8.8
CVE-2015-0857 CRITICAL
tardiff - Remote Command Execution via Shell Metacharacters in Tar File Name
CVSS 9.8