CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2024-49042 HIGH
Azure Database for PostgreSQL Flexible Server 12.0-12.19 - Privilege Escalation via Extension
CVSS 7.2
CVE-2024-43613 HIGH
Azure Database for PostgreSQL Flexible Server 12.0-12.19 - Privilege Escalation via Extension
CVSS 7.2
CVE-2024-49026 HIGH
Microsoft Excel - Remote Code Execution
CVSS 7.8
CVE-2024-50572 HIGH
Siemens SCALANCE and RUGGEDCOM Devices < V8.2 - Authenticated Remote Code Execution via Input Field Injection
CVSS 7.2
CVE-2024-49560 HIGH
Dell SmartFabric OS10 Software - Command Injection
CVSS 7.8
CVE-2024-49557 HIGH
Dell SmartFabric OS10 Software - Command Injection
CVSS 7.8
CVE-2024-25255 CRITICAL
Sublime Text 4 - OS Command Injection via New Build System Module
CVSS 9.8
CVE-2024-51186 HIGH
D-Link DIR-820L 1.05b03 - Remote Code Execution via ping_addr Parameter
CVSS 8.0
CVE-2024-11046 MEDIUM
D-Link DI-8003 16.07.16A1 - OS Command Injection via upgrade_filter.asp Path Parameter
CVSS 6.3
CVE-2024-50591 HIGH
Elefant Update Service - Privilege Escalation
CVSS 7.8
CVE-2024-10966 MEDIUM
TOTOLINK X18 9.1.0cu.2024_B20220329 - OS Command Injection via cstecgi.cgi enable Parameter
CVSS 6.3
CVE-2024-51736 NONE
Symfony <5.4.45, <6.4.13, <7.1.6 - Command Injection
CVE-2024-20418 CRITICAL
Cisco Aironet IOS XE Controller - Unauthenticated RCE via Web Interface
CVSS 10.0
CVE-2024-51115 CRITICAL
dcnetworks DCME-320 Firmware 7.4.12.90 - OS Command Injection
CVSS 9.8
CVE-2024-48746 CRITICAL
Lens Visual integration with Power BI 4.0.0.3 - Remote Code Execution via Natural Language Processing Component
CVSS 9.8
CVE-2024-47461 HIGH
Instant AOS-8/10 - Command Injection
CVSS 7.2
CVE-2024-47460 CRITICAL
HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10 - Unauthenticated Remote Code Execution via PAPI UDP Port
CVSS 9.0
CVE-2024-42509 CRITICAL
Aruba CLI Service - Command Injection
CVSS 9.8
CVE-2024-9579 HIGH
HP Poly TC8, TC10, Studio G7500, X30, X50, X70, X52, G62 Firmware - Command Injection
CVSS 7.5
CVE-2024-52022 HIGH
Netgear R8500/R7000P/R6400v2/XR300 Firmware - OS Command Injection via wlg_adv.cgi apmode_gateway Parameter
CVSS 8.0
CVE-2024-10035 CRITICAL
BG-TEK CoslatV3 < 3.1069 - OS Command Injection
CVSS 9.8
CVE-2024-10697 MEDIUM
Tenda AC6 15.03.05.19 - OS Command Injection via WriteFacMac API Endpoint
CVSS 6.3
CVE-2024-51260 CRITICAL
DrayTek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi acme_process
CVSS 9.8
CVE-2024-51255 CRITICAL
DrayTek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi
CVSS 9.8
CVE-2024-51259 CRITICAL
DrayTek Vigor3900 1.5.1.3 - OS Command Injection via mainfunction.cgi setup_cacertificate
CVSS 9.8