CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,978 vulnerabilities with CWE-78
CVE-2023-6319 CRITICAL
webOS <5.30.40, <6.3.3-442 - Command Injection
CVSS 9.1
CVE-2023-6318 CRITICAL
LG webOS 5-7 - Authenticated OS Command Injection via com.webos.service.cloudupload processAnalyticsReport
CVSS 9.1
CVE-2023-1082 HIGH
Unknown Product <Version> - Command Injection
CVSS 8.8
CVE-2023-3454 HIGH
Brocade Fabric OS 9.0.0-9.1.1d1 - Remote Code Execution
CVSS 8.6
CVE-2023-25699 CRITICAL
VideoWhisper Live Streaming Integration <= 5.5.15 - OS Command Injection
CVSS 9.0
CVE-2023-51572 CRITICAL
Voltronic Power ViewPower Pro - Command Injection
CVSS 9.8
CVE-2023-6437 CRITICAL
TP-Link <20240328 - Command Injection
CVSS 9.8
CVE-2023-44092 HIGH
Pandora FMS <776 - Command Injection
CVSS 7.6
CVE-2023-51699 MEDIUM
Fluid < 0.9.3 - Authenticated OS Command Injection via JuicefsRuntime CRD
CVSS 4.0
CVE-2023-34980 MEDIUM
QNAP QTS 4.5.1-4.5.4.2626 and QuTS hero h4.5.0-h4.5.4.2625 - Authenticated OS Command Injection
CVSS 5.9
CVE-2023-47415 HIGH
Cypress CTM-200 Firmware < 2.7.1.5600-113 - OS Command Injection via cli_text Parameter
CVSS 7.5
CVE-2023-25925 HIGH
IBM Security Guardium Key Lifecycle Manager 3.0-4.1.1 - Authenticated Remote Code Execution
CVSS 8.5
CVE-2023-51450 MEDIUM
baserCMS <5.0.9 - Command Injection
CVSS 5.6
CVE-2023-6398 HIGH
Zyxel ATP <5.37 - Command Injection
CVSS 7.2
CVE-2023-6260 CRITICAL
Brivo ACS100-ACS300 <6.2.4.3 - Command Injection
CVSS 9.0
CVE-2023-32462 CRITICAL
Dell SmartFabric OS10 10.5.2.0-10.5.2.11 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2023-50358 MEDIUM
QNAP QTS 4.2.0-4.2.5 - OS Command Injection
CVSS 5.8
CVE-2023-47218 MEDIUM
QNAP QTS 5.1.0-5.1.5.2645 and QuTS hero h5.1.0-h5.1.5.2647 and QuTScloud c5.0.0.1919-c5.1.5.2651 - OS Command Injection
CVSS 5.8
CVE-2023-47618 HIGH
TP-Link ER7206 Firmware 1.3.0 - Authenticated OS Command Injection via Web Filtering Functionality
CVSS 7.2
CVE-2023-47617 HIGH
TP-Link ER7206 Firmware 1.3.0 - Authenticated OS Command Injection via Web Group Member Configuration
CVSS 7.2
CVE-2023-47209 HIGH
TP-Link ER7206 Firmware 1.3.0 - Authenticated OS Command Injection in IPsec Policy Functionality
CVSS 7.2
CVE-2023-47167 HIGH
TP-Link ER7206 Firmware 1.3.0 - Authenticated OS Command Injection via GRE Policy
CVSS 7.2
CVE-2023-46683 HIGH
TP-Link ER7206 Omada Gigabit VPN Router 1.3.0 - Command Injection
CVSS 7.2
CVE-2023-43482 HIGH
TP-Link ER7206 Omada - Command Injection
CVSS 7.2
CVE-2023-42664 HIGH
TP-Link ER7206 Firmware 1.3.0 - Authenticated OS Command Injection via PPTP Global Configuration
CVSS 7.2