CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,006 vulnerabilities with CWE-78
CVE-2023-25555 MEDIUM
StruxureWare Data Center Expert < 7.9.2 - Authenticated OS Command Injection via SSH
CVSS 5.6
CVE-2023-25554 HIGH
StruxureWare Data Center Expert <= 7.9.2 - OS Command Injection
CVSS 7.8
CVE-2023-28983 HIGH
Juniper Networks Junos OS Evolved <22.1R1-EVO - Command Injection
CVSS 8.8
CVE-2023-2091 HIGH
KylinSoft youker-assistant < 3.1.4.13 - OS Command Injection via adjust_cpufreq_scaling_governer Function
CVSS 7.8
CVE-2023-29805 CRITICAL
iodata WFS-SR03 Firmware 1.0.3 - OS Command Injection via pro_stor_canceltrans_handler_part_19
CVSS 9.8
CVE-2023-29804 HIGH
iodata WFS-SR03 and WFS-SR03K Firmware - OS Command Injection via sys_smb_pwdmod Function
CVSS 8.8
CVE-2023-27216 HIGH
D-Link DSL-3782 1.03 - Authenticated Root Code Execution via Network Settings
CVSS 8.8
CVE-2023-27826 HIGH
SeowonIntech SWC-5100W Firmware 1.11.0.1, 1.9.9.4 - OS Command Injection via doSystem() Function
CVSS 8.8
CVE-2023-27917 HIGH
Contec Cps-mg341-adsc1-111 Firmware < 3.7.10 - OS Command Injection
CVSS 8.8
CVE-2023-27076 CRITICAL
Tenda G103 v.1.0.0.5 - Command Injection
CVSS 9.8
CVE-2023-20153 MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Commands
CVSS 6.0
CVE-2023-20122 MEDIUM
Cisco EPNM/ISE/Prime Infra - Privilege Escalation
CVSS 6.0
CVE-2023-20121 MEDIUM
Cisco EPNM/ISE/Prime Infra - Privilege Escalation
CVSS 6.0
CVE-2023-20117 HIGH
Cisco Small Business RV320-325 - Command Injection
CVSS 7.2
CVE-2023-20152 MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Commands
CVSS 6.0
CVE-2023-20128 HIGH
Cisco Small Business RV320-325 - Command Injection
CVSS 7.2
CVE-2023-20023 MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Commands
CVSS 6.0
CVE-2023-20022 MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Commands
CVSS 6.0
CVE-2023-20021 MEDIUM
Cisco Identity Services Engine - Authenticated OS Command Injection via CLI Commands
CVSS 6.0
CVE-2023-26921 CRITICAL
quectel AG550QCN - Command Injection
CVSS 9.8
CVE-2023-28726 HIGH
Panasonic AiSEG2 2.80F-2.93A - Remote Code Execution
CVSS 7.5
CVE-2023-26482 CRITICAL
Nextcloud Server <24.0.10 - Workflow Scope Validation Bypass to Code Execution
CVSS 9.0
CVE-2023-23355 MEDIUM
QNAP QVR - Authenticated OS Command Injection
CVSS 6.6
CVE-2023-27886 CRITICAL
Osprey Pump Controller 1.01 - Unauthenticated OS Command Injection via index.php HTTP POST Parameter
CVSS 9.8
CVE-2023-27394 CRITICAL
Osprey Pump Controller 1.01 - Unauthenticated OS Command Injection via DataLogView.php GET Parameter
CVSS 9.8