CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,006 vulnerabilities with CWE-78
CVE-2023-26129 HIGH
bwm-ng - OS Command Injection in check Function
CVSS 8.4
CVE-2023-26128 HIGH
keep-module-latest - Command Injection
CVSS 8.4
CVE-2023-26127 HIGH
n158 - OS Command Injection via Improper Input Sanitization in module.exports
CVSS 7.8
CVE-2023-31128 HIGH
NextCloud Cookbook <commit - Command Injection
CVSS 8.1
CVE-2023-33617 HIGH
Parks Fiberlink 210 <V2.1.14_X000 - Command Injection
CVSS 7.2
CVE-2023-23694 MEDIUM
Dell VxRail < 7.0.450 - Authenticated OS Command Injection in VxRail Manager
CVSS 4.7
CVE-2023-23693 MEDIUM
Dell VxRail < 7.0.450 - OS Command Injection in DCManager Command-Line Utility
CVSS 6.7
CVE-2023-28394 HIGH
Beekeeper Studio < 3.9.9 - Authenticated Remote Code Execution via JavaScript Injection
CVSS 8.8
CVE-2023-28392 HIGH
Inaba AC-WAPU-300/AC-WAPUM-300 Firmware < 1.00_b07/1.00_b08p - Authenticated OS Command Injection
CVSS 7.2
CVE-2023-27521 HIGH
SolarView Compact SV-CPT-MC310 and SV-CPT-MC310F < 8.10 - Authenticated OS Command Injection via Mail Setting Page
CVSS 8.8
CVE-2023-27514 HIGH
SolarView Compact SV-CPT-MC310 and SV-CPT-MC310F < 8.10 - Authenticated OS Command Injection
CVSS 8.8
CVE-2023-32350 HIGH
Teltonika RUT Router Firmware 00.07.00-00.07.03 - OS Command Injection via Lua Service Package Name
CVSS 8.0
CVE-2023-31756 MEDIUM
TP-Link Archer VR1600V Firmware <= 0.1.0_0.9.1_v5006.0 - Authenticated OS Command Injection
CVSS 6.7
CVE-2023-20164 MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection
CVSS 6.5
CVE-2023-20163 MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection
CVSS 6.5
CVE-2023-24805 HIGH
cups-filters beh Backend - Remote Command Execution via Network Printer Command Injection
CVSS 8.8
CVE-2023-1698 CRITICAL
WAGO Compact Controller 100 Firmware 20-22 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2023-32568 HIGH
Veritas InfoScale Operations Manager < 7.4.2.800 and 8.x < 8.0.410 - Authenticated OS Command Injection
CVSS 7.2
CVE-2023-27407 CRITICAL
SCALANCE LPE9403 < 2.1 - Authenticated OS Command Injection via Web Management Interface
CVSS 9.9
CVE-2023-2574 HIGH
Advantech EKI-1521, EKI-1522, EKI-1524 Firmware < 1.21 - Authenticated OS Command Injection via Device Name Input
CVSS 8.8
CVE-2023-2573 HIGH
Advantech EKI-1521, EKI-1522, EKI-1524 Firmware < 1.21 - Authenticated OS Command Injection via NTP Server Input
CVSS 8.8
CVE-2023-29944 CRITICAL
Metersphere v1.20.20-lts-79d354a6 - Remote Code Execution via Custom Code Snippet Function
CVSS 9.8
CVE-2023-2564 CRITICAL
scanservjs < 2.27.0 - OS Command Injection
CVSS 10.0
CVE-2023-30054 CRITICAL
TOTOLINK A7100RU V7.4cu.2313_B20191024 - OS Command Injection
CVSS 9.8
CVE-2023-30053 CRITICAL
TOTOLINK A7100RU V7.4cu.2313_B20191024 - OS Command Injection
CVSS 9.8