CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2024-22529 CRITICAL
TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 - Command Injection
CVSS 9.8
CVE-2024-22729 CRITICAL
Netis MW5360 V1.0.1.3031 - Command Injection
CVSS 9.8
CVE-2024-22651 CRITICAL
D-Link DIR-815 <1.04 - Command Injection
CVSS 9.8
CVE-2024-22663 CRITICAL
TOTOLINK A3700R V9.1.2u - Command Injection
CVSS 9.8
CVE-2024-20287 MEDIUM
Cisco WAP371 Wireless-AC/N Dual Radio - Command Injection
CVSS 6.5
CVE-2024-0507 MEDIUM
GitHub Enterprise Server - Privilege Escalation
CVSS 6.5
CVE-2024-0579 MEDIUM
Totolink X2000R 1.0.0-B20221212.1452 - Command Injection
CVSS 6.3
CVE-2024-21887 CRITICAL KEV
Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection
CVSS 9.1
CVE-2024-22198 HIGH
Nginx-UI < 2.0.0.beta.9 - Authenticated Remote Code Execution via Terminal Start Command
CVSS 7.1
CVE-2024-22197 HIGH
nginx_ui < 2.0.0 - Authenticated Remote Code Execution via API Command Injection
CVSS 7.7
CVE-2024-20676 HIGH
Azure Storage Mover < 3.0.430 - Remote Code Execution
CVSS 8.0
CVE-2024-21663 CRITICAL
demon1a discord-recon < 0.0.8 - Unauthenticated Remote Code Execution
CVSS 9.9
CVE-2024-0291 MEDIUM
Totolink LR1200GB 9.1.0u.6619_B20230130 - OS Command Injection via UploadFirmwareFile FileName Parameter
CVSS 6.3
CVE-2023-47268 MEDIUM
Prusa PrusaSlicer through 2.6.1 - Code Injection
CVSS 5.3
CVE-2023-49565 HIGH
Podman container - Command Injection
CVSS 8.4
CVE-2023-47356 HIGH
Mingyu Security Gateway <3.0-5.3p - RCE
CVSS 8.8
CVE-2023-51295 MEDIUM
PHPJabbers Event Booking Calendar v4.0 - XSS
CVSS 6.5
CVE-2023-33300 MEDIUM
Fortinet FortiNAC <7.2.1 & <9.4.3 - Command Injection
CVSS 5.3
CVE-2023-5878 CRITICAL
Honeywell OneWireless - Command Injection
CVE-2023-23356 MEDIUM
QuFirewall < 2.3.3 - Authenticated OS Command Injection
CVSS 5.5
CVE-2023-24467 HIGH
OpenText iManager <3.2.6.0000 - Command Injection
CVSS 8.8
CVE-2023-37154 HIGH
Nagios nagios-plugins <2.4.5 - Command Injection
CVSS 8.4
CVE-2023-36103 CRITICAL
Tenda AC15 V15.03.05.20 - Command Injection
CVSS 9.8
CVE-2023-47563 HIGH
QNAP Video Station 5.0.0-5.8.1 - Authenticated OS Command Injection
CVSS 7.4
CVE-2023-26315 MEDIUM
Xiaomi router AX9000 - Command Injection
CVSS 6.5