CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,006 vulnerabilities with CWE-78
CVE-2022-48598 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Reporter Events Type Date Feature
CVSS 8.8
CVE-2022-48597 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Ticket Event Report Feature
CVSS 8.8
CVE-2022-48596 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Ticket Queue Watchers Feature
CVSS 8.8
CVE-2022-48595 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Ticket Template Watchers Feature
CVSS 8.8
CVE-2022-48594 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Ticket Watchers Email Feature
CVSS 8.8
CVE-2022-48593 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Topology Data Service
CVSS 8.8
CVE-2022-48592 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Vendor Country Parameter
CVSS 8.8
CVE-2022-48591 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Vendor State Parameter
CVSS 8.8
CVE-2022-48590 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Admin Dynamic App MIB Errors Feature
CVSS 8.8
CVE-2022-48589 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection in Reporting Job Editor
CVSS 8.8
CVE-2022-48588 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Schedule Editor Decoupled Feature
CVSS 8.8
CVE-2022-48587 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via Schedule Editor
CVSS 8.8
CVE-2022-48586 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection via JSON Walker Feature
CVSS 8.8
CVE-2022-48585 HIGH
ScienceLogic SL1 < 11.1.2 - SQL Injection in Admin Brand Portal
CVSS 8.8
CVE-2022-48584 HIGH
ScienceLogic SL1 < 11.1.2 - OS Command Injection via Download and Convert Report Feature
CVSS 8.8
CVE-2022-48583 HIGH
ScienceLogic SL1 < 11.1.2 - OS Command Injection via Dashboard Scheduler
CVSS 8.8
CVE-2022-48582 HIGH
ScienceLogic SL1 < 11.1.2 - OS Command Injection via Ticket Report Generate Feature
CVSS 8.8
CVE-2022-48581 HIGH
ScienceLogic SL1 < 11.1.2 - OS Command Injection via Dash Export Feature
CVSS 8.8
CVE-2022-48580 HIGH
ScienceLogic SL1 < 11.1.2 - OS Command Injection via ARP Ping Device Tool
CVSS 8.8
CVE-2022-44720 CRITICAL
Ucopia Wireless Appliance Firmware < 6.0.13 - OS Command Injection via chroot
CVSS 9.8
CVE-2022-48472 CRITICAL
Huawei BiSheng-WNM Firmware - OS Command Injection
CVSS 9.8
CVE-2022-32752 HIGH
IBM Security Directory Suite VA 8.0.1-8.0.1.19 - Authenticated OS Command Injection
CVSS 7.2
CVE-2022-47616 HIGH
Hitron CODA-5310 Firmware - Authenticated OS Command Injection via Connection Test Function
CVSS 7.2
CVE-2022-46361 MEDIUM
OneWireless < 322.1 - Command Injection
CVSS 6.9
CVE-2022-29841 HIGH
Western Digital My Cloud OS 5.02.104-5.26.118 - Remote Code Execution via Unsanitized File Read Command
CVSS 8.0