CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,985 vulnerabilities with CWE-78
CVE-2023-20175 HIGH
Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Command
CVSS 8.8
CVE-2023-20170 MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Command
CVSS 6.0
CVE-2023-43139 CRITICAL
franfinance < 2.0.27 - Remote Code Execution via validation.php
CVSS 9.8
CVE-2023-47104 CRITICAL
vareille tiny_file_dialogs < 3.15.0 - OS Command Injection via Shell Metacharacters in Input Data
CVSS 9.8
CVE-2023-46510 CRITICAL
ZIONCOM A7000R Firmware 4.1cu.4154 - OS Command Injection via cstecgi.cgi Password Configuration
CVSS 9.8
CVE-2023-43208 CRITICAL KEV
NextGen Healthcare Mirth Connect <4.4.1 - RCE
CVSS 9.8
CVE-2023-20273 HIGH KEV
Cisco IOS XE - Authenticated OS Command Injection via Web UI
CVSS 7.2
CVE-2023-33839 HIGH
IBM Security Verify Governance 10.0 - Command Injection
CVSS 7.2
CVE-2023-43066 MEDIUM
Dell Unity <5.3 - Privilege Escalation
CVSS 5.1
CVE-2023-28805 MEDIUM
Zscaler Client Connector <1.4.0.105 - Privilege Escalation
CVSS 6.7
CVE-2023-46306 HIGH
NetModule Router Software <4.6.0.106, 4.8.0.101 - Command Injection
CVSS 8.4
CVE-2023-5684 MEDIUM
Byzoro Smart S85F Firmware < 2023-10-12 - OS Command Injection via /importexport.php
CVSS 4.7
CVE-2023-5683 MEDIUM
Byzoro Smart S85F Management Platform < 2023-10-10 - OS Command Injection via btn_file_renew Parameter
CVSS 6.3
CVE-2023-46117 HIGH
reconFTW <2.7.1.1 - Remote Code Execution via Malicious CSP Subdomain
CVSS 8.8
CVE-2023-23373 HIGH
QUSBCam2 >=2.0.0 <2.0.3 - OS Command Injection via Network
CVSS 8.8
CVE-2023-40145 HIGH
Weintek cMT-FHD Firmware < 20210212 - Authenticated OS Command Injection
CVSS 8.8
CVE-2023-43959 HIGH
YeaLinkSIP-T19P-E2 <v.53.84.0.15 - RCE
CVSS 8.8
CVE-2023-3991 CRITICAL
FreshTomato 2023.3 - OS Command Injection via iperfrun.cgi
CVSS 10.0
CVE-2023-45158 CRITICAL
web2py < 2.24.1 - OS Command Injection via notifySendHandler Logging
CVSS 9.8
CVE-2023-21413 CRITICAL
AXIS OS 10.5.0-10.12.198 and 11.0.89-11.6.93 - Remote Code Execution via ACAP Application Installation
CVSS 9.1
CVE-2023-26155 HIGH
node-qpdf - OS Command Injection via encrypt() Method
CVSS 7.3
CVE-2023-34975 MEDIUM
QNAP Video Station < 5.7.0 - Authenticated OS Command Injection
CVSS 6.6
CVE-2023-32976 MEDIUM
QNAP Container Station < 2.6.7.44 - Authenticated OS Command Injection
CVSS 6.6
CVE-2023-45467 CRITICAL
Netis N3Mv2-V1.0.1.865 - OS Command Injection via ntpServIP Parameter
CVSS 9.8
CVE-2023-35194 HIGH
Peplink Surf SOHO Firmware 6.3.5 - Authenticated OS Command Injection via api.cgi cmd.mvpn.x509.write
CVSS 7.2