CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,006 vulnerabilities with CWE-78
CVE-2023-31209
HIGH
Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 - Authenticated OS Command Injection via Active Check Command Arguments
CVSS 8.8
CVE-2023-38208
CRITICAL
Adobe Commerce <2.4.6-p1, 2.4.5-p3, 2.4.4-p4 - Code Injection
CVSS 9.1
CVE-2023-37863
HIGH
PHOENIX CONTACT WP 6xxx Series Firmware < 4.0.10 - Authenticated Remote Code Execution via SNMPv2 Request
CVSS 7.2
CVE-2023-37861
HIGH
PHOENIX CONTACT WP 6xxx Series Firmware < 4.0.10 - Authenticated Remote Code Execution via Certificate Upload
CVSS 8.8
CVE-2023-37569
HIGH
ESDS Emagic Data Center Management Suite < 6.0 - Authenticated OS Command Injection via Ping Component
CVSS 8.8
CVE-2023-3573
HIGH
PHOENIX CONTACT WP 6xxx - Command Injection
CVSS 8.8
CVE-2023-3572
CRITICAL
PHOENIX CONTACT WP 6xxx < 4.0.10 - Unauthenticated HTTP POST Command Injection
CVSS 10.0
CVE-2023-3571
HIGH
PHOENIX CONTACT WP 6xxx < 4.0.10 - Authenticated Certificate Command Injection
CVSS 8.8
CVE-2023-3570
HIGH
PHOENIX CONTACT WP 6xxx <4.0.10 - Privilege Escalation
CVSS 8.8
CVE-2023-38692
CRITICAL
CloudExplorer Lite <1.3.1 - Command Injection
CVSS 9.8
CVE-2023-33377
CRITICAL
Connected IO <2.1.0 - Command Injection
CVSS 9.8
CVE-2023-33374
CRITICAL
Connected IO <2.1.0 - Command Injection
CVSS 9.8
CVE-2023-33364
HIGH
Suprema BioStar 2 <V2.9.1 - Command Injection
CVSS 8.8
CVE-2023-21411
HIGH
AXIS License Plate Verifier < 2.8.3 - OS Command Injection via Access Control Settings
CVSS 7.2
CVE-2023-21410
HIGH
AXIS License Plate Verifier < 2.8.3 - OS Command Injection via api.cgi
CVSS 7.2
CVE-2023-26317
HIGH
Xiaomi Router Firmware < 2023.2 - OS Command Injection via External Interface
CVSS 7.0
CVE-2023-31425
HIGH
Brocade Fabric OS <9.1.1 - Privilege Escalation
CVSS 7.8
CVE-2023-4033
HIGH
mlflow/mlflow <2.6.0 - Command Injection
CVSS 7.8
CVE-2023-35861
CRITICAL
Supermicro H12DST-B Firmware < 03.10.35 - Unauthenticated OS Command Injection via Email Notification
CVSS 9.8
CVE-2023-35019
HIGH
IBM Security Verify Governance 10.0 - Authenticated OS Command Injection
CVSS 7.2
CVE-2023-37213
HIGH
Synel SYnergy Fingerprint Terminals < 3015.1 - OS Command Injection
CVSS 8.8
CVE-2023-3975
CRITICAL
drawio < 21.5.0 - OS Command Injection
CVSS 9.8
CVE-2023-3974
CRITICAL
drawio < 21.4.0 - OS Command Injection
CVSS 9.8
CVE-2023-38673
CRITICAL
PaddlePaddle <2.5.0 - Command Injection
CVSS 9.6
CVE-2023-38056
HIGH
OTRS 6.0.1-6.0.34 and 7.0.0-7.0.45 - Authenticated OS Command Injection via SchedulerCronTaskModule
CVSS 7.2
Details
Vulnerabilities: 6,006
Exploit Likelihood: High