CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2024-7160 MEDIUM
TOTOLINK A3700R 9.1.2u.5822_B20200513 - OS Command Injection via hostName Parameter
CVSS 6.3
CVE-2024-7158 MEDIUM
TOTOLINK A3100R 4.1.2cu.5050_B20200504 - Command Injection via telnet_enabled Argument
CVSS 6.3
CVE-2024-41815 HIGH
starship 1.0.0-1.19.0 - OS Command Injection via Custom Commands
CVSS 7.4
CVE-2024-38288 HIGH
R-HUB TurboMeeting <8.x - Command Injection
CVSS 7.2
CVE-2024-41136 MEDIUM
Aruba EdgeConnect SD-WAN Orchestrator 9.1.0-9.1.10 - Authenticated OS Command Injection via CLI
CVSS 6.8
CVE-2024-41135 HIGH
HPE Aruba Networking EdgeConnect - Command Injection
CVSS 7.2
CVE-2024-41134 HIGH
HPE Aruba Networking EdgeConnect - Command Injection
CVSS 7.2
CVE-2024-41133 HIGH
HPE Aruba Networking EdgeConnect - Command Injection
CVSS 7.2
CVE-2024-41319 CRITICAL
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via Webcmd Function
CVSS 9.8
CVE-2024-41320 HIGH
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter
CVSS 8.8
CVE-2024-41318 CRITICAL
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter
CVSS 9.8
CVE-2024-41316 CRITICAL
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter
CVSS 9.8
CVE-2024-39963 HIGH
Tenda AX9 and AX12 Firmware V22.03.01.46 - Authenticated Remote Code Execution via macFilterType Parameter
CVSS 8.0
CVE-2024-29737 MEDIUM
Apache StreamPark < 2.1.4 - Authenticated Remote Code Execution via Build Argument Injection
CVSS 4.7
CVE-2024-38492 CRITICAL
Broadcom Symantec PAM 3.4.6 and 4.1.0-4.1.7 - Upgrade Upload Remote Command Execution
CVE-2024-30213 HIGH
StoneFly Storage Concentrator - Authenticated Command Injection
CVSS 8.8
CVE-2024-40110 CRITICAL
Sourcecodester Poultry Farm Management System v1.0 - RCE
CVSS 9.8
CVE-2024-39914 CRITICAL
fogproject < 1.5.10.34 - Command Injection via Filename Parameter
CVSS 9.8
CVE-2024-39571 HIGH
SINEMA Remote Connect Server < 3.2 HF1 - Authenticated Command Injection via SNMP Configuration
CVSS 8.8
CVE-2024-39570 HIGH
SINEMA Remote Connect Server < 3.2 HF1 - Authenticated Command Injection via VxLAN Configuration
CVSS 8.8
CVE-2024-39569 MEDIUM
SINEMA Remote Connect Client < 3.2 HF1 - Command Injection via VPN Configuration Loading
CVSS 6.6
CVE-2024-39568 HIGH
SINEMA Remote Connect Client < 3.2 HF1 - Authenticated Command Injection via Proxy Configuration
CVSS 7.8
CVE-2024-39567 HIGH
SINEMA Remote Connect Client < 3.2 HF1 - Authenticated Command Injection via VPN Configuration Loading
CVSS 7.8
CVE-2024-4944 HIGH
WatchGuard Mobile VPN with SSL - Privilege Escalation
CVSS 7.8
CVE-2024-25639 MEDIUM
khoj < 1.13.0 - Cross-Site Scripting via AI Model Response and User Input
CVSS 5.9
Details
Vulnerabilities: 3,567
Exploit likelihood: High