CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2024-39028 CRITICAL
SeaCMS <= 12.9 - Remote Code Execution via admin_ping.php
CVSS 9.8
CVE-2024-36983 HIGH
Splunk < 9.0.10 - Command Injection
CVSS 8.0
CVE-2024-36073 HIGH
Netwrix CoSoSys Endpoint Protector <= 5.9.3 and CoSoSys Unify <= 7.0.6 - Remote Code Execution via Shadowing Component
CVSS 7.2
CVE-2024-4578 HIGH
Arista Wireless Access Points - Privilege Escalation
CVSS 8.4
CVE-2024-39373 HIGH
markoni-d(compact) firmware < 2.0.1 - OS Command Injection via Settings Manipulation
CVSS 7.2
CVE-2024-4884 CRITICAL
WhatsUp Gold < 23.1.3 - Unauthenticated Remote Code Execution via CommunityController
CVSS 9.8
CVE-2024-4883 CRITICAL
Progress WhatsUp Gold < 23.1.3 - Unauthenticated Remote Code Execution via NmApi.exe
CVSS 9.8
CVE-2024-6257 HIGH
HashiCorp's go-getter - Code Injection
CVSS 8.4
CVE-2024-4639 HIGH
Moxa OnCell G3470A-LTE Series Firmware < 1.7.7 - OS Command Injection via IPSec Configuration
CVSS 7.1
CVE-2024-4638 HIGH
Moxa OnCell G3470A-LTE Series Firmware < 1.7.7 - OS Command Injection via Web Key Upload Function
CVSS 7.1
CVE-2024-38903 MEDIUM
H3C Magic R230 V100R002 - OS Command Injection via UDP Port 9034
CVSS 4.1
CVE-2024-38896 MEDIUM
WAVLINK WN551K1 - OS Command Injection via nightled.cgi start_hour Parameter
CVSS 5.3
CVE-2024-38894 MEDIUM
WAVLINK WN551K1 - OS Command Injection via IP Parameter in touchlist_sync.cgi
CVSS 5.3
CVE-2024-37091 CRITICAL
Consulting Elementor Widgets < 1.3.1 and Masterstudy Elementor Widgets < 1.2.2 - OS Command Injection
CVSS 9.9
CVE-2024-24551 HIGH
Bludit < 3.15.0 - Authenticated Remote Code Execution via Image API File Upload
CVSS 8.8
CVE-2024-24550 HIGH
Bludit 3.14.0-3.15.0 - Arbitrary File Upload to Code Execution
CVSS 8.1
CVE-2024-6269 MEDIUM
Ruijie RG-UAC 1.0 - Command Injection
CVSS 4.7
CVE-2024-37642 CRITICAL
TRENDnet TEW-814DAP v1_(FW1.01B01) - OS Command Injection via ipv4_ping and ipv6_ping Parameters
CVSS 9.1
CVE-2024-35242 HIGH
Composer 2.0-2.2.23 and 2.3-2.7.6 - Command Injection via Crafted Git/Hg Branch Names
CVSS 8.8
CVE-2024-35241 HIGH
Composer 2.0-2.2.23 and 2.3-2.7.6 - OS Command Injection via Git Branch Name
CVSS 8.8
CVE-2024-37570 HIGH
Mitel 6869i SIP Firmware 4.5.0.41 - Authenticated Remote Command Execution via Manual Firmware Update
CVSS 8.8
CVE-2024-37569 HIGH
Mitel 6869i SIP Firmware < 4.5.0.41 and 5.x <= 5.0.0.1018 - Authenticated Remote Code Execution via Hostname Parameter
CVSS 8.8
CVE-2024-37385 CRITICAL
Roundcube Webmail < 1.5.7 and 1.6.x < 1.6.7 - OS Command Injection via im_convert_path and im_identify_path
CVSS 9.8
CVE-2024-30368 HIGH
A10networks Advanced Core Operating System - Command Injection
CVSS 8.8
CVE-2024-36604 CRITICAL
Tenda O3V2 < 1.0.0.12 - Command Injection
CVSS 9.8