CWE-77
High likelihoodImproper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
3,570 vulnerabilities with CWE-77
CVE-2023-35973
HIGH
ArubaOS 6.5.4.0-8.6.0.21 - Authenticated Command Injection via CLI
CVSS 7.2
CVE-2023-35972
HIGH
ArubaOS 6.5.4.0-8.6.0.21 - Authenticated Remote Command Injection via Web Management Interface
CVSS 7.2
CVE-2023-28365
CRITICAL
UniFi Network Application < 7.4.156 - Authenticated Command Injection via Backup File Restore
CVSS 9.1
CVE-2023-33298
HIGH
Perimeter81 10.0.0.19 - Privilege Escalation
CVSS 7.8
CVE-2023-22816
MEDIUM
Western Digital My Cloud OS < 5.26.300 - Authenticated Remote Command Injection via CGI File
CVSS 6.0
CVE-2023-22815
MEDIUM
Western Digital My Cloud OS < 5.26.300 - Authenticated Remote Command Injection via CGI Files
CVSS 6.2
CVE-2023-34849
CRITICAL
ikuaios < 3.7.1 - Unauthenticated OS Command Injection via ActionLogin Function
CVSS 9.8
CVE-2023-26134
CRITICAL
git-commit-info <2.0.2 - Command Injection
CVSS 9.8
CVE-2023-35932
HIGH
jcvi < 1.3.5 - Configuration Injection
CVSS 7.1
CVE-2023-30260
HIGH
RaspAP raspap-webgui < 2.8.8 - Remote Command Injection via Hostapd Settings Form
CVSS 8.8
CVE-2023-30258
CRITICAL
magnusbilling 6.0.0-7.2.9 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2023-26429
LOW
Open-Xchange AppSuite Backend - Control Character Injection via User Feedback
CVSS 3.5
CVE-2023-24032
HIGH
Zimbra Collaboration Suite <9.0-8.8.15 - Privilege Escalation
CVSS 7.8
CVE-2023-31746
CRITICAL
adslr VW2100 M1DV1.0 - Command Injection
CVSS 9.8
CVE-2023-27836
CRITICAL
TP-Link TL-WPA8630P V2 171011 - OS Command Injection via devicePwd Parameter
CVSS 9.8
CVE-2023-27837
CRITICAL
TP-Link TL-WPA8630P (US) V2 Version 171011 - Command Injection via Key Parameter
CVSS 9.8
CVE-2023-33919
HIGH
CP-8031/8050 MASTER MODULE - Command Injection
CVSS 7.2
CVE-2023-26298
HIGH
HP Device Manager <5.0.10 - Command Injection/Privilege Escalation
CVSS 8.8
CVE-2023-26297
HIGH
HP Device Manager <5.0.10 - Command Injection/Privilege Escalation
CVSS 8.8
CVE-2023-26296
HIGH
HP Device Manager <5.0.10 - Command Injection/Privilege Escalation
CVSS 8.8
CVE-2023-26295
CRITICAL
HP Device Manager <5.0.10 - Command Injection/Privilege Escalation
CVSS 9.8
CVE-2023-26294
HIGH
HP Device Manager <5.0.10 - Command Injection/Privilege Escalation
CVSS 7.8
CVE-2023-33625
CRITICAL
D-Link DIR-600 <2.18 - Command Injection
CVSS 9.8
CVE-2023-34105
HIGH
SRS <5.0.157, <5.0-b1, <6.0.48 - Command Injection
CVSS 7.5
CVE-2023-3206
MEDIUM
Chengdu VEC40G 3.0 - Denial of Service via /send_order.cgi Restart Parameter
CVSS 5.3
Details
Vulnerabilities
3,570
Exploit Likelihood
High