CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,985 vulnerabilities with CWE-78
CVE-2023-35193
HIGH
Peplink Surf SOHO Firmware 6.3.5 - Authenticated OS Command Injection via api.cgi cmd.mvpn.x509.write
CVSS 7.2
CVE-2023-34356
HIGH
Peplink Surf SOHO Firmware - Authenticated OS Command Injection via data.cgi xfer_dns
CVSS 7.2
CVE-2023-28381
HIGH
Peplink Surf SOHO Firmware - Authenticated OS Command Injection via MVPN_trial_init
CVSS 7.2
CVE-2023-27380
HIGH
Peplink Surf SOHO Firmware - Authenticated OS Command Injection via USSD_send Functionality
CVSS 7.2
CVE-2023-42788
HIGH
FortiAnalyzer/FortiManager OS Command Injection via CLI Arguments
CVSS 7.8
CVE-2023-41838
HIGH
Fortinet Fortianalyzer < 6.2.11 - OS Command Injection
CVSS 7.1
CVE-2023-36550
CRITICAL
Fortinet FortiWLM <8.6.5, <8.5.4 - Command Injection
CVSS 9.8
CVE-2023-36549
HIGH
Fortinet FortiWLM <8.6.5, <8.5.4 - Command Injection
CVSS 8.8
CVE-2023-36548
CRITICAL
Fortinet FortiWLM <8.6.5, <8.5.4 - Code Injection
CVSS 9.8
CVE-2023-36547
CRITICAL
Fortinet FortiWLM <8.6.5, <8.5.4 - Command Injection
CVSS 9.8
CVE-2023-34993
CRITICAL
FortiWLM 8.5.0-8.5.4 and 8.6.0-8.6.5 - OS Command Injection via HTTP GET Request Parameters
CVSS 9.8
CVE-2023-34992
CRITICAL
FortiSIEM 6.6.0-6.6.2 - OS Command Injection via Crafted API Requests
CVSS 10.0
CVE-2023-34989
HIGH
FortiWLM 8.5.0-8.5.4 and 8.6.0-8.6.5 - OS Command Injection via HTTP GET Request Parameters
CVSS 8.8
CVE-2023-34988
HIGH
Fortinet FortiWLM 8.5.0-8.5.4 and 8.6.0-8.6.5 - OS Command Injection via HTTP GET Request Parameters
CVSS 8.8
CVE-2023-34987
HIGH
Fortinet FortiWLM 8.5.0-8.5.4 and 8.6.0-8.6.5 - OS Command Injection via HTTP GET Request Parameters
CVSS 8.8
CVE-2023-34986
HIGH
FortiWLM 8.5.0-8.5.4 and 8.6.0-8.6.5 - OS Command Injection via HTTP GET Request Parameters
CVSS 8.8
CVE-2023-34985
HIGH
FortiWLM 8.5.0-8.5.4 and 8.6.0-8.6.5 - OS Command Injection via HTTP GET Request Parameters
CVSS 8.8
CVE-2023-25607
HIGH
FortiManager 6.0-7.2.2, FortiAnalyzer 6.0-7.2.2, FortiADC 6.0-7.1.0 - OS Command Injection
CVSS 7.8
CVE-2023-5494
MEDIUM
Byzoro Smart S45F Multi-Service Secure Gateway < 20230928 - OS Command Injection via /log/download.php
CVSS 6.3
CVE-2023-30806
CRITICAL
Sangfor Next-Gen Application Firewall 8.0.17 - Unauthenticated OS Command Injection via PHPSESSID Cookie
CVSS 9.8
CVE-2023-30805
CRITICAL
Sangfor Next-Gen Application Firewall NGAF8.0.17 - Unauthenticated OS Command Injection via LogInOut.php un Parameter
CVSS 9.8
CVE-2023-26153
HIGH
geokit-rails <2.5.0 - Command Injection
CVSS 8.3
CVE-2023-4401
HIGH
Dell SmartFabric Storage Software < 1.4.1 - Authenticated OS Command Injection via CLI 'more' Command
CVSS 7.8
CVE-2023-43069
HIGH
Dell SmartFabric Storage Software <1.4 - Command Injection
CVSS 7.8
CVE-2023-43068
HIGH
Dell SmartFabric Storage Software <1.4 - Command Injection
CVSS 7.8
Details
Vulnerabilities: 5,985
Exploit Likelihood: High