CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,006 vulnerabilities with CWE-78
CVE-2023-30013
CRITICAL
TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 - OS Command Injection via Traceroute Configuration
CVSS 9.8
CVE-2023-2522
MEDIUM
Chengdu VEC40G 3.0 - OS Command Injection via COUNT Parameter in Network Detection
CVSS 4.7
CVE-2023-24958
HIGH
IBM TS7700 Management Interface <=8.53.0.63 - Authenticated RCE via Crafted URL
CVSS 8.8
CVE-2023-27999
HIGH
FortiADC 7.1.0-7.1.1, 7.2.0 - Authenticated OS Command Injection via Crafted Arguments
CVSS 7.8
CVE-2023-25826
CRITICAL
OpenTSDB 1.0.0-2.4.0 - Unauthenticated OS Command Injection via Legacy HTTP Query API
CVSS 9.8
CVE-2023-28742
HIGH
F5 BIG-IP DNS 13.1.0-13.1.4 - Authenticated Remote Command Execution via DNS iQuery Mesh
CVSS 7.2
CVE-2023-29778
CRITICAL
GL.iNET MT3000 4.1.0 Release 2 - OS Command Injection via logread RPC Endpoint
CVSS 9.8
CVE-2023-2479
CRITICAL
appium-desktop < 1.22.3-4 - OS Command Injection
CVSS 9.8
CVE-2023-22919
HIGH
Zyxel NBG6604 Firmware V1.01(ABIR.0)C0 - Authenticated OS Command Injection
CVSS 8.8
CVE-2023-30854
HIGH
AVideo < 12.4 - Authenticated Remote Code Execution via CloneSite Plugin Endpoint
CVSS 8.8
CVE-2023-28528
HIGH
IBM AIX <7.4 - Privilege Escalation
CVSS 8.4
CVE-2023-29169
HIGH
mySCADA myPRO <8.26.0 - Command Injection
CVSS 8.8
CVE-2023-29150
HIGH
mySCADA myPRO <8.26.0 - Command Injection
CVSS 8.8
CVE-2023-28716
HIGH
mySCADA myPRO <8.26.0 - Command Injection
CVSS 8.8
CVE-2023-28400
HIGH
mySCADA myPRO < 8.26.0 - Authenticated OS Command Injection
CVSS 8.8
CVE-2023-28384
HIGH
mySCADA MyPRO Authenticated Command Injection (CVE-2023-28384)
CVSS 8.8
CVE-2023-25313
CRITICAL
AVideo < 12.4 - OS Command Injection via Video Link Embed Feature
CVSS 9.8
CVE-2023-28771
CRITICAL
KEV
Zyxel ATP/USG/ZyWALL/VPN Series Firmware 4.60-5.36 - Unauthenticated Remote Code Execution via IKE Packet Decoder
CVSS 9.8
CVE-2023-30628
HIGH
Kiwi TCMS < 12.2 - OS Command Injection via Untrusted github.head_ref Field
CVSS 8.8
CVE-2023-27991
HIGH
Zyxel ATP/USG FLEX/USG20W-VPN/VPN Firmware - Authenticated OS Command Injection via CLI Command
CVSS 8.8
CVE-2023-25507
HIGH
NVIDIA DGX-1 BMC < 3.39.30 - Authenticated OS Command Injection via SPX REST API
CVSS 7.2
CVE-2023-30621
CRITICAL
gipsy < 1.3 - OS Command Injection via Ping Command
CVSS 9.8
CVE-2023-2131
CRITICAL
INEA ME RTU <3.36 - Command Injection
CVSS 10.0
CVE-2023-25759
MEDIUM
Tripleplay Platform - Authenticated OS Command Injection via TripleData Reporting Engine
CVSS 5.4
CVE-2023-29412
CRITICAL
APC Easy UPS Online Monitoring Software < 2.5 Remote Code Execution via Java RMI
CVSS 9.8
Details
Vulnerabilities: 6,006
Exploit Likelihood: High