CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,978 vulnerabilities with CWE-78
CVE-2023-51100 CRITICAL
Tenda W9 V1.0.0.7 - Command Injection
CVSS 9.8
CVE-2023-51099 CRITICAL
Tenda W9 V1.0.0.7 - Command Injection
CVSS 9.8
CVE-2023-51098 CRITICAL
Tenda W9 V1.0.0.7 - Command Injection
CVSS 9.8
CVE-2023-51094 CRITICAL
Tenda M3 V1.0.0.12 - Command Injection
CVSS 9.8
CVE-2023-45741 MEDIUM
VR-S1000 Firmware < 2.37 - Authenticated OS Command Injection
CVSS 6.8
CVE-2023-7093 MEDIUM
kylin-system-updater < 2.0.5.16-0k2.33 - OS Command Injection via SetDownloadspeedMax Argument
CVSS 5.3
CVE-2023-7002 HIGH
Backup Migration < 1.3.9 - Authenticated OS Command Injection via URL Parameter
CVSS 7.2
CVE-2023-51035 CRITICAL
TOTOLINK EX1200L V9.3.5u.6146_B20201023 - Command Injection
CVSS 9.8
CVE-2023-51033 CRITICAL
TOTOLINK EX1200L V9.3.5u.6146_B20201023 - Command Injection
CVSS 9.8
CVE-2023-50147 CRITICAL
TOTOLINK A3700R Firmware V9.1.2u.5822_B20200513 - OS Command Injection via setDiagnosisCfg Function
CVSS 9.8
CVE-2023-51028 CRITICAL
TOTOLINK EX1800T <9.1.0cu.2112_B20220316 - Command Injection
CVSS 9.8
CVE-2023-50993 CRITICAL
Ruijie RG-WS6008 and RG-WS6108 Firmware - OS Command Injection via downFiles Function
CVSS 9.8
CVE-2023-35895 MEDIUM
IBM Informix JDBC Driver <4.10,4.50 - RCE
CVSS 6.3
CVE-2023-0011 HIGH
u-blox TOBY-L2 Series - OS Command Injection via AT Commands
CVSS 7.6
CVE-2023-50466 HIGH
Weintek cMT2078X Firmware v2.1.3 - Authenticated OS Command Injection via HMI Name Parameter
CVSS 8.8
CVE-2023-51385 MEDIUM
OpenSSH < 9.6 - OS Command Injection via Shell Metacharacters in Username or Hostname
CVSS 6.5
CVE-2023-6901 HIGH
codelyfe stupid_simple_cms 1.1.7-1.2.3 - OS Command Injection via /terminal/handle-command.php Command Parameter
CVSS 7.3
CVE-2023-6895 MEDIUM
Hikvision Intercom Broadcast System 3.0.3-4.1.0 - OS Command Injection via jsondata[ip] Parameter
CVSS 6.3
CVE-2023-48380 HIGH
Softnext Mail SQR Expert < 230330 - Authenticated OS Command Injection
CVSS 7.4
CVE-2023-48668 HIGH
Dell PowerProtect Data Domain Management Center < 6.2.1.110 - OS Command Injection
CVSS 8.2
CVE-2023-48667 HIGH
Dell PowerProtect DD <7.13.0.10-6.2.1.110 - Command Injection
CVSS 7.2
CVE-2023-48665 HIGH
Dell vApp Manager <9.2.4 - Command Injection
CVSS 7.2
CVE-2023-48664 HIGH
Dell vApp Manager <9.2.4 - Command Injection
CVSS 7.2
CVE-2023-48663 HIGH
Dell vApp Manager <9.2.4 - Command Injection
CVSS 7.2
CVE-2023-48662 HIGH
Dell vApp Manager <9.2.4 - Command Injection
CVSS 7.2