CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,978 vulnerabilities with CWE-78
CVE-2023-52026 CRITICAL
TOTOlink EX1800T V9.1.0cu.2112_B20220316 - RCE
CVSS 9.8
CVE-2023-51984 CRITICAL
D-Link DIR-822+ V1.0.2 - Command Injection
CVSS 9.8
CVE-2023-52029 CRITICAL
TOTOlink A3700R v9.1.2u.5822_B20200513 - Remote Code Execution via setDiagnosisCfg Function
CVSS 9.8
CVE-2023-52028 CRITICAL
TOTOlink A3700R v9.1.2u.5822_B20200513 - Remote Code Execution via setTracerouteCfg Function
CVSS 9.8
CVE-2023-51123 CRITICAL
D-Link DIR-815 soapcgi_main - service Parameter Command Injection
CVSS 9.8
CVE-2023-49235 CRITICAL
TRENDnet TV-IP1314PI <5.5.3 - Command Injection
CVSS 9.8
CVE-2023-35964 HIGH
GTKWave <3.3.115 - Command Injection
CVSS 7.8
CVE-2023-35963 HIGH
GTKWave <3.3.115 - Command Injection
CVSS 7.8
CVE-2023-35962 HIGH
GTKWave 3.3.115 - Command Injection
CVSS 7.8
CVE-2023-35961 HIGH
GTKWave <3.3.115 - Command Injection
CVSS 7.8
CVE-2023-35960 HIGH
GTKWave <3.3.115 - Command Injection
CVSS 7.8
CVE-2023-35959 HIGH
GTKWave <3.3.115 - Command Injection
CVSS 7.8
CVE-2023-29048 HIGH
OXMF Template Engine - Command Injection
CVSS 8.8
CVE-2023-47560 HIGH
QuMagie < 2.2.1 - Authenticated OS Command Injection
CVSS 7.4
CVE-2023-41289 MEDIUM
QcalAgent <1.1.8 - Command Injection
CVSS 6.3
CVE-2023-41288 HIGH
Video Station <5.7.2 - Command Injection
CVSS 8.8
CVE-2023-39294 MEDIUM
QNAP QTS and QuTS hero - Authenticated OS Command Injection
CVSS 6.6
CVE-2023-52314 CRITICAL
PaddlePaddle < 2.6.0 - OS Command Injection via convert_shape_compare
CVSS 9.6
CVE-2023-52311 CRITICAL
PaddlePaddle < 2.6.0 - OS Command Injection via _wget_download
CVSS 9.6
CVE-2023-52310 CRITICAL
PaddlePaddle < 2.6.0 - OS Command Injection via get_online_pass_interval
CVSS 9.6
CVE-2023-50094 HIGH
reNgine < 2.0.2 - Authenticated OS Command Injection via WAF Detector URL Parameter
CVSS 8.8
CVE-2023-50651 CRITICAL
TOTOLINK X6000R v9.4.0cu.852_B20230719 - Remote Code Execution via cstecgi.cgi Component
CVSS 9.8
CVE-2023-4464 HIGH
Poly CCX/Trio/EDGE/VVX - OS Command Injection via Diagnostic Telnet Mode
CVSS 7.2
CVE-2023-50445 HIGH
GL.iNet Firmware - Unauthenticated OS Command Injection via logread and upgrade API Functions
CVSS 7.8
CVE-2023-7116 MEDIUM
WeiYe-Jing datax-web 2.1.2 - OS Command Injection via /api/log/killJob processId Parameter
CVSS 6.3