CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2024-1374 CRITICAL
GitHub Enterprise Server < 3.8.15 - Authenticated Command Injection via Nomad Templates
CVSS 9.1
CVE-2024-1372 CRITICAL
GitHub Enterprise Server < 3.8.15 - Authenticated Command Injection via SAML Settings
CVSS 9.1
CVE-2024-1369 CRITICAL
GitHub Enterprise Server < 3.8.15 - Authenticated Command Injection via Management Console Collectd Configuration
CVSS 9.1
CVE-2024-1359 CRITICAL
GitHub Enterprise Server < 3.8.15 - Authenticated Command Injection via HTTP Proxy Setup
CVSS 9.1
CVE-2024-1355 CRITICAL
GitHub Enterprise Server < 3.8.15 - Authenticated Command Injection via Management Console Service URL
CVSS 9.1
CVE-2024-1354 HIGH
GitHub Enterprise Server < 3.8.15 - Authenticated Command Injection via syslog-ng Configuration
CVSS 8.0
CVE-2024-20667 HIGH
Azure DevOps Server - Remote Code Execution
CVSS 7.5
CVE-2024-23749 HIGH
9bis/kitty < 0.76.1.13 - Command Injection via Filename Variable
CVSS 7.8
CVE-2024-24321 CRITICAL
D-Link DIR-816A2 v.1.10CNB05 - Remote Code Execution via wizardstep4_ssid_2 Parameter
CVSS 9.8
CVE-2024-24216 CRITICAL
Zentao 18.0-18.10 - Remote Code Execution via checkConnection Method
CVSS 9.8
CVE-2024-23049 CRITICAL
b3log/symphony < 3.6.3 - Remote Code Execution via log4j Component
CVSS 9.8
CVE-2024-22107 HIGH
GTB Central Console 15.17.1-30814.NG - Command Injection
CVSS 7.2
CVE-2024-22903 HIGH
Vinchin Backup & Recovery < 7.2 - Authenticated RCE
CVSS 8.8
CVE-2024-22900 HIGH
Vinchin Backup & Recovery < 7.2 - Authenticated RCE
CVSS 8.8
CVE-2024-0325 LOW
Helix Sync < 2024.1 - Local Command Injection
CVSS 3.6
CVE-2024-23745 CRITICAL
Notion Web Clipper 1.0.3(7) - Command Injection via Dirty NIB Attack
CVSS 9.8
CVE-2024-21488 HIGH
forkhq/network < 0.7.0 - OS Command Injection via mac_address_for Function
CVSS 7.3
CVE-2024-0920 HIGH
TRENDnet TEW-822DRE 1.03B02 - Command Injection
CVSS 7.2
CVE-2024-0919 HIGH
TRENDnet TEW-815DAP 1.0.2.0 - Command Injection
CVSS 8.8
CVE-2024-22545 HIGH
TRENDnet TEW-824DRU 1.04b01 - Unauthenticated Remote Code Execution via NTP Server Parameter
CVSS 7.8
CVE-2024-23628 CRITICAL
Motorola MR2600 - Command Injection via SaveStaticRouteIPv6Params
CVSS 9.0
CVE-2024-23627 CRITICAL
Motorola MR2600 - Command Injection via SaveStaticRouteIPv4Params
CVSS 9.0
CVE-2024-23626 CRITICAL
Motorola MR2600 Firmware - Authenticated Command Injection via SaveSysLogParams Parameter
CVSS 9.0
CVE-2024-23625 CRITICAL
D-Link DAP-1650 Firmware - Unauthenticated Command Injection via UPnP SUBSCRIBE Message
CVSS 9.6
CVE-2024-23624 CRITICAL
D-Link DAP-1650 Firmware - Unauthenticated OS Command Injection via gena.cgi
CVSS 9.6