CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,006 vulnerabilities with CWE-78
CVE-2023-23779 MEDIUM
FortiWeb 6.3.6-6.3.19, 6.4, <=7.0.1 - Authenticated OS Command Injection via HTTP Request Parameters
CVSS 6.8
CVE-2023-0861 HIGH
Netmodule Router Software < 4.3.0.119 - Command Injection
CVSS 7.2
CVE-2023-0830 MEDIUM
EasyNAS 1.1.0 - OS Command Injection via /backup.pl
CVSS 6.3
CVE-2023-20076 HIGH
Cisco IOx - Authenticated Remote Code Execution via Crafted Activation Payload
CVSS 7.2
CVE-2023-24816 MEDIUM
IPython < 8.10.0 - OS Command Injection via set_term_title Function
CVSS 4.5
CVE-2023-22643 MEDIUM
libzypp-plugin-appdata < 1.0.1+git.20180426 - Command Injection via REPO Settings
CVSS 6.3
CVE-2023-23076 CRITICAL
ManageEngine Support Center Plus 11 - OS Command Injection via Executor in Action
CVSS 9.8
CVE-2023-23692 HIGH
Dell EMC Data Domain OS < 6.2.1.90, 7.0.0.0-7.9.0.0, 7.7.1-7.7.3 - Authenticated OS Command Injection
CVSS 8.8
CVE-2023-24422 HIGH
Jenkins Script Security Plugin <1228.vd93135a_2fb_25 - Sandbox Bypass via Map Constructors
CVSS 8.8
CVE-2023-23596 HIGH
jc21 NGINX Proxy Manager <= 2.9.19 - Authenticated OS Command Injection via Access List htpasswd File
CVSS 8.8
CVE-2023-20007 MEDIUM
Cisco Small Business RV340-345 - Authenticated RCE/DoS
CVSS 4.7
CVE-2023-0164 HIGH
OrangeScrum <2.0.11 - Command Injection
CVSS 8.8
CVE-2023-22304 HIGH
PIX-RT100 <2.1.2_EQ101 - Command Injection
CVSS 8.0
CVE-2023-22280 HIGH
MAHO-PBX NetDevancer < 1.11.00 - Authenticated OS Command Injection
CVSS 7.2
CVE-2023-22279 CRITICAL
MAHO-PBX NetDevancer - Unauthenticated OS Command Execution
CVSS 9.8
CVE-2023-22598 HIGH
InRouter 302 < 3.5.56 and InRouter 615 < 2.3.0.r5542 - Authenticated Remote Code Execution via Configuration Update File
CVSS 7.2
CVE-2022-50994 HIGH
DrayTek Vigor 2960 < 1.5.1.4 - OS Command Injection via mainfunction.cgi
CVSS 8.1
CVE-2022-45899 MEDIUM
Nokia BMC <13.1 - Command Injection
CVSS 6.5
CVE-2022-50919 CRITICAL
Tdarr 2.00.15 - Unauthenticated Remote Code Execution via Help Terminal Command Injection
CVSS 9.8
CVE-2022-50909 HIGH
Algo 8028 Control Panel <3.3.3 - Command Injection
CVSS 8.8
CVE-2022-50795 HIGH
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x - Command Injection
CVSS 7.8
CVE-2022-50794 CRITICAL
SOUND4 IMPACT/FIRST/PULSE/Eco <2 - Command Injection
CVSS 9.8
CVE-2022-50793 HIGH
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x - Command Injection
CVSS 8.8
CVE-2022-50791 HIGH
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x - Command Injection
CVSS 7.8
CVE-2022-50789 HIGH
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x - Command Injection
CVSS 7.8