CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,006 vulnerabilities with CWE-78
CVE-2023-24582 HIGH
Milesight UR32L <v32.3.0.5 - Command Injection
CVSS 8.8
CVE-2023-24520 HIGH
Milesight UR32L <v32.3.0.5 - Command Injection
CVSS 8.8
CVE-2023-24519 HIGH
Milesight UR32L <v32.3.0.5 - Command Injection
CVSS 8.8
CVE-2023-23550 HIGH
Milesight UR32L v32.3.0.5 - OS Command Injection via ys_thirdparty user_delete
CVSS 7.2
CVE-2023-22659 HIGH
Milesight UR32L v32.3.0.5 - OS Command Injection via libzebra.so change_hostname
CVSS 7.2
CVE-2023-22653 HIGH
Milesight UR32L v32.3.0.5 - Authenticated OS Command Injection via vtysh_ubus tcpdump_start_cb
CVSS 8.8
CVE-2023-22371 HIGH
Milesight VPN <2.0.2 - Command Injection
CVSS 8.1
CVE-2023-22365 HIGH
Milesight UR32L <v32.3.0.5 - Command Injection
CVSS 7.2
CVE-2023-22299 HIGH
Milesight UR32L <v32.3.0.5 - Command Injection
CVSS 8.8
CVE-2023-36622 HIGH
Loxone Miniserver Go Gen.2 <14.1.5.9 - Command Injection
CVSS 7.2
CVE-2023-27198 MEDIUM
PAX A930 Firmware PayDroid_7.1.1_Virgo_V04.5.02_20220722 - OS Command Injection via Exec Service
CVSS 6.8
CVE-2023-3314 HIGH
Zip File Processing - Command Injection
CVSS 8.1
CVE-2023-3313 HIGH
Trellix Enterprise Security Manager < 11.6.7 - OS Command Injection via Certificate API
CVSS 7.8
CVE-2023-22816 MEDIUM
Western Digital My Cloud OS < 5.26.300 - Authenticated Remote Command Injection via CGI File
CVSS 6.0
CVE-2023-22815 MEDIUM
Western Digital My Cloud OS < 5.26.300 - Authenticated Remote Command Injection via CGI Files
CVSS 6.2
CVE-2023-32622 HIGH
WL-WN531AX2 Firmware < 2023526 - Authenticated OS Command Injection
CVSS 7.2
CVE-2023-36143 HIGH
Maxprint Maxlink 1200G v3.4.11E - Command Injection
CVSS 8.8
CVE-2023-26613 CRITICAL
D-Link DIR-823G <1.02B05 - Command Injection
CVSS 9.8
CVE-2023-3450 MEDIUM
Ruijie RG-BCR860 2.5.13 - OS Command Injection via Network Diagnostic Page
CVSS 4.7
CVE-2023-2625 CRITICAL
ABB TXpert Hub CoreTec 4 Firmware < 3.0.1 - Authenticated OS Command Injection via Web UI Field
CVSS 9.0
CVE-2023-26134 CRITICAL
git-commit-info <2.0.2 - Command Injection
CVSS 9.8
CVE-2023-3333 HIGH
NEC Aterm Series - Authenticated OS Command Injection
CVSS 7.2
CVE-2023-34420 HIGH
Lenovo XClarity Administrator < 4.0.0 - Authenticated OS Command Injection via Web API
CVSS 7.2
CVE-2023-30261 CRITICAL
OpenWB 1.6-1.7 - OS Command Injection via Crafted GET Request
CVSS 9.8
CVE-2023-34254 HIGH
glpi_agent < 1.5 - Authenticated OS Command Injection via Remote Inventory SSH Task
CVSS 7.6