CWE-77

Exploit likelihood: High

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2023-39001 CRITICAL
OPNsense <23.7-23.4.2 - Command Injection
CVSS 9.8
CVE-2023-32782 HIGH
PRTG Network Monitor < 23.3.86.1520 - Authenticated Command Injection via Dicom C-ECHO Sensor Debug Option
CVSS 7.2
CVE-2023-32781 HIGH
Paessler PRTG Network Monitor < 23.3.86.1520 - Authenticated Command Injection
CVSS 7.2
CVE-2023-26310 HIGH
Mobile Phone Backup App - Command Injection
CVSS 7.4
CVE-2023-35390 HIGH
.NET 6.0.0-6.0.20 and Visual Studio 2022 17.2.0-17.2.17 - Remote Code Execution
CVSS 7.8
CVE-2023-39523 MEDIUM
ScanCode.io < 32.5.1 - Authenticated Command Injection via Docker Reference Parameter
CVSS 6.8
CVE-2023-38928 CRITICAL
Netgear R7100LG 1.0.0.78 - Command Injection
CVSS 9.8
CVE-2023-38921 HIGH
Netgear WG302v2 <5.2.9 & WAG302v2 <5.1.19 - Command Injection
CVSS 8.8
CVE-2023-38690 MEDIUM
matrix-appservice-irc <1.0.1 - Command Injection
CVSS 5.8
CVE-2023-38941 CRITICAL
django-sspanel v2022.2.2 - Remote Code Execution via GoodsCreateView._post
CVSS 9.8
CVE-2023-38942 CRITICAL
dango-translator 4.5.5 - Remote Code Execution via Cloud Config JSON
CVSS 9.8
CVE-2023-4120 MEDIUM
Byzoro Smart S85F < 20230722 - Command Injection via importhtml.php sql Parameter
CVSS 6.3
CVE-2023-37679 CRITICAL
Mirth Connect Deserialization RCE
CVSS 9.8
CVE-2023-26317 HIGH
Xiaomi Router Firmware < 2023.2 - OS Command Injection via External Interface
CVSS 7.0
CVE-2023-26430 LOW
open-xchange_appsuite_backend - Authenticated Command Injection via SIEVE Mail-Filter Rules
CVSS 3.5
CVE-2023-3739 MEDIUM
Google Chrome < 115.0.5790.131 - Remote Code Execution via Crafted Shell Script
CVSS 6.3
CVE-2023-31429 MEDIUM
Brocade Fabric OS <9.1.1c-9.2.0 - Info Disclosure
CVSS 5.5
CVE-2023-3718 HIGH
ArubaOS-CX 10.10.0000-10.10.1049 - Authenticated Command Injection via CLI
CVSS 8.8
CVE-2023-34960 CRITICAL
Chamilo unauthenticated command injection in PowerPoint upload
CVSS 9.8
CVE-2023-37214 CRITICAL
Heights Telecom ERO1xS-Pro Dual-Band Firmware < bz_ero1xp.027 - OS Command Injection
CVSS 9.8
CVE-2023-28012 MEDIUM
HCL BigFix Mobile - Authenticated Command Injection
CVSS 5.4
CVE-2023-28130 HIGH
Check Point Gaia Portal - Privilege Escalation via Hostnames Page
CVSS 7.2
CVE-2023-37794 CRITICAL
WAYOS FBM-291W 19.09.11V - Command Injection via /upgrade_filter.asp
CVSS 9.8
CVE-2023-38336 CRITICAL
netkit-rcp - Command Injection via Filename Handling
CVSS 9.8
CVE-2023-38286 HIGH
Thymeleaf <3.1.1.RELEASE - Auth Bypass
CVSS 7.5