CWE-77

High likelihood

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

3,570 vulnerabilities with CWE-77
CVE-2023-2374 MEDIUM
Ubiquiti EdgeRouter X <2.0.9-hotfix.6 - Command Injection
CVSS 6.3
CVE-2023-2373 MEDIUM
Ubiquiti EdgeRouter X <2.0.9-hotfix.6 - Command Injection
CVSS 6.3
CVE-2023-30623 HIGH
embano1/wip < 2 - Unauthenticated Command Injection via Pull Request Title Parameter
CVSS 8.8
CVE-2023-29566 CRITICAL
dawnsparks-node-tesseract 0.4.0-0.4.1 - Remote Code Execution via child_process Function
CVSS 9.8
CVE-2023-27849 CRITICAL
rails-routes-to-json 1.0.0 - Remote Code Execution via child_process Function
CVSS 9.8
CVE-2023-27848 CRITICAL
broccoli-compass 0.2.4 - Remote Code Execution via child_process Function
CVSS 9.8
CVE-2023-22913 HIGH
Zyxel USG FLEX and VPN Series Firmware 4.50-5.35 - Authenticated Command Injection via account_operator.cgi
CVSS 8.1
CVE-2023-20865 HIGH
VMware Aria Operations for Logs 8.6.0-8.11.2 - Authenticated Command Injection
CVSS 7.2
CVE-2023-29855 HIGH
WBCE CMS 1.5.3 - Command Injection via admin/languages/install.php
CVSS 7.2
CVE-2023-30535 HIGH
Snowflake JDBC < 3.13.29 - Remote Code Execution via Malicious SSO URL
CVSS 7.3
CVE-2023-29803 CRITICAL
TOTOLINK X18 V9.1.0cu.2024_B20220329 - OS Command Injection via disconnectVPN pid Parameter
CVSS 9.8
CVE-2023-29802 CRITICAL
TOTOLINK X18 V9.1.0cu.2024_B20220329 - OS Command Injection via setDiagnosisCfg ip Parameter
CVSS 9.8
CVE-2023-29801 CRITICAL
TOTOLINK X18 V9.1.0cu.2024_B20220329 - OS Command Injection via rtLogEnabled and rtLogServer Parameters
CVSS 9.8
CVE-2023-29800 CRITICAL
TOTOLINK X18 V9.1.0cu.2024_B20220329 - OS Command Injection via UploadFirmwareFile FileName Parameter
CVSS 9.8
CVE-2023-29799 CRITICAL
TOTOLINK X18 V9.1.0cu.2024_B20220329 - OS Command Injection via Hostname Parameter
CVSS 9.8
CVE-2023-29798 CRITICAL
TOTOLINK X18 V9.1.0cu.2024_B20220329 - OS Command Injection via setTracerouteCfg Command Parameter
CVSS 9.8
CVE-2023-30638 HIGH
Atos Unify Openscape Bcf < 10r10.7.0 - Command Injection
CVSS 7.2
CVE-2023-29084 HIGH
ManageEngine ADManager Plus ChangePasswordAction Authenticated Command Injection
CVSS 7.2
CVE-2023-20118 MEDIUM KEV
Cisco Small Business Routers - Command Injection
CVSS 6.5
CVE-2023-28489 CRITICAL
CP-8031 MASTER MODULE < CPCI85 V05 - Command Injection
CVSS 9.8
CVE-2023-26978 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 - Command Injection
CVSS 9.8
CVE-2023-26848 CRITICAL
TOTOlink A7100RU(V7.4cu.2313_B20191024) - Command Injection
CVSS 9.8
CVE-2023-29475 CRITICAL
Atos Unify OpenScape 4000 Platform and Manager Platform 10 R1 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2023-29474 CRITICAL
Atos Unify OpenScape 4000 Platform and Manager Platform 10 R1 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2023-29473 CRITICAL
Atos Unify OpenScape 4000 Platform < 10 R1.34.4 - Unauthenticated RCE via Webservice
CVSS 9.8