CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,978 vulnerabilities with CWE-78
CVE-2023-47675 HIGH
CubeCart < 6.5.3 - Authenticated OS Command Injection
CVSS 7.2
CVE-2023-6019 CRITICAL
Ray < 2.8.1 - Unauthenticated Remote Code Execution via CPU Profile URL Parameter
CVSS 9.8
CVE-2023-6018 CRITICAL
MLflow - Unauthenticated File Overwrite
CVSS 9.8
CVE-2023-43752 HIGH
WRC-X3000GS2-W <1.05 - Command Injection
CVSS 8.0
CVE-2023-36553 CRITICAL
Fortinet FortiSIEM <5.4.0-5.0.1 - Command Injection
CVSS 9.8
CVE-2023-5037 HIGH
Hanwha Vision Camera Firmware < 1.41.16 and < 2.22.02 - Authenticated OS Command Injection
CVSS 7.2
CVE-2023-39295 HIGH
QuMagie < 2.1.4 - Authenticated OS Command Injection
CVSS 8.8
CVE-2023-23367 MEDIUM
QNAP QTS, QuTS hero, and QuTScloud - Authenticated OS Command Injection
CVSS 4.7
CVE-2023-26156 MEDIUM
Chromedriver <119.0.1 - Command Injection
CVSS 5.6
CVE-2023-4249 HIGH
Zavio IP Cameras <M2.1.6.05 - Command Injection
CVSS 8.8
CVE-2023-23369 CRITICAL
QNAP QTS - OS Command Injection via Network
CVSS 9.0
CVE-2023-23368 CRITICAL
QNAP QTS and QuTS - OS Command Injection
CVSS 9.8
CVE-2023-41352 HIGH
Chunghwa Telecom NOKIA G-040W-Q - Command Injection
CVSS 7.2
CVE-2023-41348 HIGH
ASUS RT-AX55 Firmware - Authenticated OS Command Injection in Code-Authentication Module
CVSS 8.8
CVE-2023-41347 HIGH
ASUS RT-AX55 Firmware - Authenticated OS Command Injection via Check Token Module
CVSS 8.8
CVE-2023-41346 HIGH
ASUS RT-AX55 Firmware - Authenticated OS Command Injection via Token-Refresh Module
CVSS 8.8
CVE-2023-41345 HIGH
ASUS RT-AX55 Firmware - Authenticated OS Command Injection via Token Generation Module
CVSS 8.8
CVE-2023-20219 HIGH
Cisco Firepower Management Center - RCE
CVSS 7.2
CVE-2023-20175 HIGH
Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Command
CVSS 8.8
CVE-2023-20170 MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Command
CVSS 6.0
CVE-2023-43139 CRITICAL
franfinance < 2.0.27 - Remote Code Execution via validation.php
CVSS 9.8
CVE-2023-47104 CRITICAL
vareille tiny_file_dialogs < 3.15.0 - OS Command Injection via Shell Metacharacters in Input Data
CVSS 9.8
CVE-2023-46510 CRITICAL
ZIONCOM A7000R Firmware 4.1cu.4154 - OS Command Injection via cstecgi.cgi Password Configuration
CVSS 9.8
CVE-2023-43208 CRITICAL KEV
NextGen Healthcare Mirth Connect <4.4.1 - RCE
CVSS 9.8
CVE-2023-20273 HIGH KEV
Cisco IOS XE - Authenticated OS Command Injection via Web UI
CVSS 7.2