CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,006 vulnerabilities with CWE-78
CVE-2023-28102 HIGH
discordrb < 3.4.3 - OS Command Injection via Unsafe Shell String Construction
CVSS 8.3
CVE-2023-28627 HIGH
pymedusa <1.0.12 - Command Injection
CVSS 8.3
CVE-2023-24841 HIGH
HGiga MailSherlock - Command Injection
CVSS 7.2
CVE-2023-24837 HIGH
HGiga PowerStation - Command Injection
CVSS 8.8
CVE-2023-20082 MEDIUM
Cisco IOS XE - Privilege Escalation
CVSS 6.1
CVE-2023-20056 MEDIUM
Cisco Wireless LAN Controller Software < 8.10.183.0 - Authenticated Denial of Service via Management CLI
CVSS 6.5
CVE-2023-28617 HIGH
Org Mode <9.6.1 - Command Injection
CVSS 7.8
CVE-2023-25280 CRITICAL KEV
D-Link DIR-820L Firmware - OS Command Injection via ping_addr Parameter
CVSS 9.8
CVE-2023-24229 HIGH
DrayTek Vigor2960 v1.5.1.4 - Command Injection
CVSS 7.8
CVE-2023-28343 CRITICAL
APSystems Energy Communication Unit Firmware C1.2.5 - OS Command Injection via Timezone Parameter
CVSS 9.8
CVE-2023-25617 CRITICAL
SAP Business Objects BI Platform 4.2/4.3 - Authenticated RCE via Program Object
CVSS 9.0
CVE-2023-25279 CRITICAL
D-Link DIR-820L Firmware - OS Command Injection via tools_AccountName
CVSS 9.8
CVE-2023-24762 CRITICAL
D-Link DIR-867 DIR_867_FW1.30B07 - Command Injection
CVSS 9.8
CVE-2023-1350 MEDIUM
liferea < 1.14.1 - OS Command Injection via Feed Enrichment Update Job
CVSS 6.3
CVE-2023-27985 HIGH
Emacs 28.1-28.2 - OS Command Injection via Crafted mailto: URI
CVSS 7.8
CVE-2023-1277 HIGH
kylin-system-updater < 1.4.20kord - OS Command Injection in Update Handler InstallSnap Function
CVSS 7.8
CVE-2023-25395 CRITICAL
TOTOlink A7100RU V7.4cu.2313_B20191024 - OS Command Injection via ou Parameter
CVSS 9.8
CVE-2023-26490 HIGH
mailcow < 2023-03 - Authenticated OS Command Injection via Sync Job Feature
CVSS 7.3
CVE-2023-26213 HIGH
Barracuda CloudGen WAN Private Edge Gateway <8.3.1-174141891 - Comm...
CVSS 7.2
CVE-2023-20075 MEDIUM
Cisco Secure Email Gateway - Command Injection
CVSS 6.0
CVE-2023-26759 HIGH
Sme.UP ERP TOKYO V6R1M220406 - Command Injection
CVSS 8.8
CVE-2023-26039 HIGH
ZoneMinder <1.36.33, <1.37.33 - Command Injection
CVSS 7.1
CVE-2023-20050 MEDIUM
Cisco NX-OS Software - Command Injection
CVSS 4.4
CVE-2023-20015 MEDIUM
Cisco Firepower < - Command Injection
CVSS 6.0
CVE-2023-0935 MEDIUM
DolphinPHP < 1.5.1 - OS Command Injection via common.php id Argument
CVSS 6.3
Details
Vulnerabilities 6,006
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits