CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,006 vulnerabilities with CWE-78
CVE-2022-50691
CRITICAL
MiniDVBLinux 5.4 - Unauthenticated Remote Command Execution via 'command' GET Parameter
CVSS 9.8
CVE-2022-50596
CRITICAL
D-Link DIR-1260 <1.20B05 - Command Injection
CVSS 9.8
CVE-2022-4978
CRITICAL
Remote Control Server 3.1.1.12 - RCE
CVE-2022-41871
MEDIUM
SEPPmail <12.1.17 - Command Injection
CVSS 6.0
CVE-2022-20871
MEDIUM
Cisco AsyncOS - Authenticated OS Command Injection and Privilege Escalation via Web Management Interface
CVSS 6.3
CVE-2022-20655
HIGH
Cisco IOS XR Software - Authenticated OS Command Injection via ConfD CLI Process Argument
CVSS 8.8
CVE-2022-20652
MEDIUM
Cisco Tetration - Command Injection
CVSS 6.5
CVE-2022-1884
CRITICAL
gogs/gogs <=0.12.7 - Remote Command Execution via tree_path Parameter
CVSS 9.8
CVE-2022-27486
MEDIUM
FortiDDoS 4.5.0-5.5.1 and FortiDDoS-F 6.1.0-6.3.1 - Authenticated OS Command Injection via Execute CLI Commands
CVSS 6.6
CVE-2022-43654
HIGH
NETGEAR CAX30 and CAX30S Firmware < 2.1.3.10 - Unauthenticated OS Command Injection via SSO Token Parameter
CVSS 8.8
CVE-2022-48684
HIGH
Logpoint SIEM < 7.1.1 - Authenticated Remote Code Execution via Search Template Injection
CVSS 8.4
CVE-2022-48624
HIGH
less < 606 - OS Command Injection via LESSCLOSE
CVSS 7.8
CVE-2022-39818
HIGH
NOKIA NFM-T R19.9 - Authenticated OS Command Injection via cmd HTTP GET Parameter
CVSS 8.8
CVE-2022-48616
MEDIUM
Huawei AR617VW Firmware - OS Command Injection
CVSS 6.4
CVE-2022-22298
MEDIUM
Fortinet FortiIsolator <2.3.5 - Command Injection
CVSS 6.7
CVE-2022-3874
HIGH
Red Hat Satellite - Authenticated OS Command Injection via CoreOS Template Configuration
CVSS 8.0
CVE-2022-47555
CRITICAL
Ormazabal ekorRCI and ekorCCP Firmware - Authenticated OS Command Injection
CVSS 9.3
CVE-2022-35849
HIGH
FortiADC <7.1.1 - Command Injection
CVSS 7.8
CVE-2022-43907
HIGH
IBM Security Guardium 11.4 - Command Injection
CVSS 7.2
CVE-2022-48604
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Logging Export Feature
CVSS 8.8
CVE-2022-48603
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Message Viewer Iframe
CVSS 8.8
CVE-2022-48602
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Message Viewer Print Feature
CVSS 8.8
CVE-2022-48601
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Network Print Report Feature
CVSS 8.8
CVE-2022-48600
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection in Notes View Feature
CVSS 8.8
CVE-2022-48599
HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Reporter Events Type Feature
CVSS 8.8
Details
Vulnerabilities: 6,006
Exploit Likelihood: High