CWE-77
High likelihood
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,570 vulnerabilities with CWE-77
CVE-2023-41283
MEDIUM
QNAP QTS, QuTS hero, and QuTScloud - Authenticated OS Command Injection
CVSS 5.5
CVE-2023-41282
MEDIUM
QNAP QTS, QuTS hero, and QuTScloud - Authenticated OS Command Injection
CVSS 5.5
CVE-2023-41281
MEDIUM
QNAP QTS, QuTS hero, and QuTScloud - Authenticated OS Command Injection
CVSS 5.5
CVE-2023-51833
HIGH
TRENDnet TEW-411BRPplus <2.07_eu - Command Injection
CVSS 8.1
CVE-2023-7227
CRITICAL
SystemK NVR 504/508/516 <= 2.3.5SK.30084998 - OS Command Injection in DDNS Settings
CVSS 9.8
CVE-2023-52040
CRITICAL
TOTOLINK X6000R <9.4.0cu.852_B20230719 - Command Injection
CVSS 9.8
CVE-2023-52039
CRITICAL
TOTOLINK X6000R <9.4.0cu.852_B20230719 - Command Injection
CVSS 9.8
CVE-2023-52038
CRITICAL
TOTOLINK X6000R <9.4.0cu.852_B20230719 - Command Injection
CVSS 9.8
CVE-2023-51887
CRITICAL
Mathtex < 1.05 - Remote Code Execution via Crafted URL String
CVSS 9.8
CVE-2023-50274
HIGH
HPE OneView < 8.70 - Command Injection
CVSS 7.8
CVE-2023-24135
HIGH
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en - Command Injection
CVSS 7.8
CVE-2023-52042
CRITICAL
TOTOLINK X6000R V9.4.0cu.852_B20230719 - Command Injection
CVSS 9.8
CVE-2023-4797
HIGH
Newsletters < 4.9.3 - Authenticated Command Injection via SQL Query Parameters
CVSS 7.2
CVE-2023-42136
HIGH
PAX PayDroid < 8.1.0_sagittarius_11.1.50_20230614 - Authenticated OS Command Injection via Shell
CVSS 7.8
CVE-2023-6634
HIGH
LearnPress <4.2.5.7 - Command Injection
CVSS 8.1
CVE-2023-52027
CRITICAL
TOTOlink A3700R <9.1.2u.5822_B20200513 - RCE
CVSS 9.8
CVE-2023-51126
CRITICAL
FLIR AX8 <1.49.16 - Command Injection
CVSS 9.8
CVE-2023-51972
CRITICAL
Tenda AX1803 v1.0.0.1 - Command Injection
CVSS 9.8
CVE-2023-31446
CRITICAL
Cassia Gateway firmware - Code Injection
CVSS 9.8
CVE-2023-49237
CRITICAL
TRENDnet TV-IP1314PI <5.5.3 - Command Injection
CVSS 9.8
CVE-2023-47560
HIGH
QuMagie < 2.2.1 - Authenticated OS Command Injection
CVSS 7.4
CVE-2023-51812
CRITICAL
Tenda AX3 v16.03.12.11 - Remote Code Execution via SetNetControlList list Parameter
CVSS 9.8
CVE-2023-52137
HIGH
tj-actions/verify-changed-files < 17.0.0 - Command Injection via Changed Filename Special Characters
CVSS 7.7
CVE-2023-50445
HIGH
GL.iNet Firmware - Unauthenticated OS Command Injection via logread and upgrade API Functions
CVSS 7.8
CVE-2023-51664
HIGH
tj-actions/changed-files <41.0.0 - Command Injection
CVSS 7.3
Details
Vulnerabilities: 3,570
Exploit Likelihood: High