CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,567 vulnerabilities with CWE-77
CVE-2024-34792 CRITICAL
Dextaz Ping < 0.65 - Command Injection
CVSS 9.1
CVE-2024-36783 CRITICAL
TOTOLINK LR350 V9.3.5u.6369_B20220309 - Command Injection
CVSS 9.8
CVE-2024-35401 MEDIUM
TOTOLINK CP900L v4.1.5cu.798_B20221228 - OS Command Injection via UploadFirmwareFile FileName Parameter
CVSS 5.9
CVE-2024-34852 MEDIUM
F-logic DataCube3 v1.0 - Unauthenticated Command Injection via transceiver_schedule.php File Name
CVSS 6.3
CVE-2024-35397 HIGH
TOTOLINK CP900L v4.1.5cu.798_B20221228 - OS Command Injection via NTPSyncWithHost HostTime Parameter
CVSS 8.8
CVE-2024-5035 HIGH
Archer C4500X <1.1.1.6 - Command Injection
CVE-2024-5355 MEDIUM
Anji-plus AJ-Report <1.4.1 - Command Injection
CVSS 6.3
CVE-2024-35374 CRITICAL
Mocodo Online < 4.2.6 - Remote Code Execution via SQL Case Input Field
CVSS 9.8
CVE-2024-35340 HIGH
Tenda FH1206 V1.2.0.8(8155) - OS Command Injection via cmdinput Parameter
CVSS 8.6
CVE-2024-4267 CRITICAL
lollms-webui 9.5 - Remote Code Execution via 'open_file' Function
CVSS 9.8
CVE-2024-5196 MEDIUM
Arris VAP2500 08.50 - Command Injection
CVSS 4.7
CVE-2024-5195 MEDIUM
Arris VAP2500 08.50 - Command Injection
CVSS 4.7
CVE-2024-5194 MEDIUM
Arris VAP2500 08.50 - Command Injection
CVSS 4.7
CVE-2024-5023 CRITICAL
Netflix ConsoleMe < 1.4.0 - Command Injection
CVE-2024-1417 HIGH
WatchGuard AuthPoint Password Manager <1.0.6 - Command Injection
CVSS 7.8
CVE-2024-20326 HIGH
Cisco ConfD/Crosswork - Privilege Escalation
CVSS 7.8
CVE-2024-4999 CRITICAL
Ligowave <6.95-2 - Privilege Escalation
CVE-2024-4078 CRITICAL
parisneo/lollms - Remote Code Execution via Unsanitized Name Parameter in /unInstall_binding Endpoint
CVSS 9.8
CVE-2024-2366 CRITICAL
lollms_web_ui < 9.5 - Remote Code Execution via Binding Path Traversal
CVSS 9.0
CVE-2024-3483 HIGH
OpenText iManager 3.0-3.2.6 - Remote Code Execution via Insecure Deserialization
CVSS 7.8
CVE-2024-34713 LOW
cea-hpc sshproxy < 1.6.3 - Authenticated Command Injection via SSH Options
CVSS 3.5
CVE-2024-32355 HIGH
TOTOLINK X5000R V9.1.0cu.2350_B20230313 - Command Injection
CVSS 8.0
CVE-2024-32354 MEDIUM
TOTOLINK X5000R V9.1.0cu.2350_B20230313 - Command Injection
CVSS 6.0
CVE-2024-32353 CRITICAL
TOTOLINK X5000R V9.1.0cu.2350_B20230313 - Command Injection
CVSS 9.8
CVE-2024-32349 MEDIUM
TOTOLINK X5000R - Authenticated RCE
CVSS 6.0