CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,006 vulnerabilities with CWE-78
CVE-2023-30258 CRITICAL
magnusbilling 6.0.0-7.2.9 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2023-35174 HIGH
Livebook 0.8.0-0.8.1 - Remote Code Execution via livebook:// URL Handler
CVSS 8.6
CVE-2023-24261 HIGH
GL.iNET GL-E750 Mudi <3.216 - Authenticated RCE
CVSS 7.2
CVE-2023-33869 MEDIUM
Enphase Envoy D7.0.88 - Command Injection
CVSS 6.3
CVE-2023-27992 CRITICAL KEV
Zyxel NAS326, NAS540, and NAS542 Firmware < 5.21 - Unauthenticated OS Command Injection via HTTP Request
CVSS 9.8
CVE-2023-34642 HIGH
KioWare for Windows <= 8.33 - Unauthenticated OS Command Injection via showDirectoryPicker Function
CVSS 7.8
CVE-2023-34800 CRITICAL
D-Link Go-RT-AC750 revA_v101b03 - OS Command Injection via Service Parameter
CVSS 9.8
CVE-2023-32548 HIGH
WPS Office 10.8.0.6186 - OS Command Injection via Malicious Server Response
CVSS 8.1
CVE-2023-31198 HIGH
Wi-Fi AP UNIT <1.05_B04 - Command Injection
CVSS 7.2
CVE-2023-30764 CRITICAL
KB-AHR and KB-IRIP Series < 91110.1.101106.78 - OS Command Injection
CVSS 9.8
CVE-2023-28000 MEDIUM
FortiADC 6.0.0-6.0.3, 6.1.0-6.1.x, 6.2.0-6.2.4, 7.0.0-7.0.3, 7.1.0 - OS Command Injection via Diagnose System DF CLI
CVSS 6.7
CVE-2023-26210 HIGH
FortiADC 5.2.0-5.2.7 - Authenticated OS Command Injection via CLI Requests
CVSS 7.8
CVE-2023-34343 HIGH
AMI MegaRAC SP-X 12.0-12.7 - Authenticated OS Command Injection via SPX REST API
CVSS 7.2
CVE-2023-34334 HIGH
AMI MegaRAC SP-X 12.0-12.7 - Authenticated OS Command Injection via SPX REST API
CVSS 7.2
CVE-2023-34105 HIGH
SRS <5.0.157, <5.0-b1, <6.0.48 - Command Injection
CVSS 7.5
CVE-2023-34108 HIGH
mailcow - Authenticated Dovecot Variable Injection via Crafted Password
CVSS 8.8
CVE-2023-33381 HIGH
MitraStar GPT-2741GNAC - Command Injection
CVSS 7.2
CVE-2023-3097 MEDIUM
KylinSoft kylin-software-properties - Command Injection
CVSS 5.3
CVE-2023-28704 HIGH
Furbo dog camera - Command Injection
CVSS 8.8
CVE-2023-28702 HIGH
ASUS RT-AC86U Firmware - Authenticated OS Command Injection via Web URL Parameters
CVSS 8.8
CVE-2023-33965 CRITICAL
Brook < 20230606 - Remote Code Execution via tproxy Server
CVSS 9.6
CVE-2023-25539 HIGH
Dell NetWorker 19.6.1.2 - Unauthenticated OS Command Injection
CVSS 8.4
CVE-2023-34152 CRITICAL
ImageMagick - Remote Code Execution via OpenBlob Pipe Handling
CVSS 9.8
CVE-2023-27988 HIGH
Zyxel NAS326 Firmware < 5.21(AAZF.13)C0 - Authenticated OS Command Injection
CVSS 7.2
CVE-2023-30253 HIGH
Dolibarr < 17.0.1 - Authenticated Remote Code Execution via Uppercase PHP Tag Injection
CVSS 8.8