CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,985 vulnerabilities with CWE-78
CVE-2023-36618 HIGH
Atos Unify OpenScape Session Border Controller through V10 R3.01.03 - Authenticated OS Command Injection
CVSS 8.8
CVE-2023-33273 CRITICAL
DTS Monitoring <3.57.0 - Command Injection
CVSS 9.8
CVE-2023-33272 CRITICAL
DTS Monitoring <3.57.0 - Command Injection
CVSS 9.8
CVE-2023-33271 CRITICAL
DTS Monitoring <3.57.0 - Command Injection
CVSS 9.8
CVE-2023-33270 CRITICAL
DTS Monitoring <3.57.0 - Command Injection
CVSS 9.8
CVE-2023-33269 CRITICAL
DTS Monitoring <3.57.0 - Command Injection
CVSS 9.8
CVE-2023-33268 CRITICAL
DTS Monitoring <3.57.0 - Command Injection
CVSS 9.8
CVE-2023-39222 HIGH
FURUNO SYSTEMS ACERA Wireless LAN Access Point Firmware - Authenticated OS Command Injection
CVSS 8.8
CVE-2023-43893 CRITICAL
Netis N3Mv2-V1.0.1.865 - Command Injection
CVSS 9.8
CVE-2023-43892 CRITICAL
Netis N3Mv2-V1.0.1.865 - Command Injection
CVSS 9.8
CVE-2023-43890 HIGH
Netis N3Mv2-V1.0.1.865 - Command Injection
CVSS 8.8
CVE-2023-5301 MEDIUM
dedecms 5.7.111 - OS Command Injection via albumUploadFiles Parameter in album_add.php
CVSS 4.7
CVE-2023-26145 HIGH
pydash < 6.0.0 - OS Command Injection via Deep Path String Manipulation
CVSS 7.4
CVE-2023-44080 CRITICAL
PGYER codefever <2023.8.14-2ce4006 - RCE
CVSS 9.8
CVE-2023-20231 HIGH
Cisco IOS XE - Authenticated OS Command Injection via Web UI
CVSS 8.8
CVE-2023-3767 CRITICAL
EasyPHP Webserver 14.1 - OS Command Injection via Zone Parameter
CVSS 9.8
CVE-2023-40581 HIGH
yt-dlp 2021.04.11-2023.09.24 - OS Command Injection via --exec Output Template Expansion
CVSS 8.3
CVE-2023-43130 CRITICAL
D-LINK DIR-806 DIR806A1_FW100CNb11 - OS Command Injection
CVSS 9.8
CVE-2023-43129 CRITICAL
D-LINK DIR-806 DIR806A1_FW100CNb11 - OS Command Injection via REMOTE_PORT Parameter
CVSS 9.8
CVE-2023-5002 MEDIUM
pgAdmin 4 < 7.7 - Authenticated OS Command Injection via External Utility Path Validation
CVSS 6.0
CVE-2023-23362 HIGH
QNAP QTS 4.5.4-4.5.4.2374 and QTS 5.0.1-5.0.1.2376 - Authenticated OS Command Injection
CVSS 8.8
CVE-2023-0118 CRITICAL
Foreman - Admin Template Safe Mode Bypass to Code Execution
CVSS 9.1
CVE-2023-38886 HIGH
Dolibarr ERP CRM < 17.0.1 - Authenticated Remote Code Execution via Crafted Command
CVSS 7.2
CVE-2023-35850 HIGH
SUNNET WMPro - Authenticated OS Command Injection via File Management Function
CVSS 7.2
CVE-2023-28614 CRITICAL
Freewill iFIS <20.01.01.04 - Command Injection
CVSS 9.8