CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,011 vulnerabilities with CWE-78
CVE-2022-28495 CRITICAL
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 - Command Injection
CVSS 9.8
CVE-2022-28491 CRITICAL
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 - Command Injection
CVSS 9.8
CVE-2022-28494 CRITICAL
TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 - Command Injection
CVSS 9.8
CVE-2022-37337 CRITICAL
Netgear Orbi Router RBR750 4.6.8.5 - Authenticated OS Command Injection
CVSS 9.1
CVE-2022-39951 HIGH
FortiWeb 6.3.6-6.3.20 and 7.0.0-7.0.2 - OS Command Injection via Crafted HTTP Requests
CVSS 7.2
CVE-2022-2024 CRITICAL
gogs < 0.12.11 - OS Command Injection
CVSS 9.8
CVE-2022-36231 CRITICAL
pdf_info 0.5.3 - OS Command Injection via Backticks
CVSS 9.8
CVE-2022-48337 CRITICAL
GNU Emacs < 28.2 - OS Command Injection via etags Source-Code Filename
CVSS 9.8
CVE-2022-46303 HIGH
Tribe29 Checkmk <2.1.0p10-<1.6.0p29 - Command Injection
CVSS 8.0
CVE-2022-33869 HIGH
FortiWAN <4.5.9 - Command Injection
CVSS 8.8
CVE-2022-30303 HIGH
FortiWeb 6.3.0-6.3.19, 6.4, 7.0.0-7.0.1 - Authenticated OS Command Injection via Crafted HTTP Requests
CVSS 8.8
CVE-2022-27489 HIGH
FortiExtender 7.0.0-7.0.3, 5.3.2, 4.2.4 and below - OS Command Injection via Crafted HTTP Requests
CVSS 7.2
CVE-2022-27482 HIGH
FortiADC 5.x.x-7.0.1 - OS Command Injection via CLI Commands
CVSS 7.8
CVE-2022-45104 HIGH
Dell EMC VASA Provider vApp < 9.2.4.15 - Authenticated OS Command Injection
CVSS 8.8
CVE-2022-34447 HIGH
Dell PowerPath Management Appliance 3.0-3.3 - Authenticated OS Command Injection
CVSS 7.2
CVE-2022-46649 HIGH
Sierra Wireless ALEOS AceManager <4.16 - Authenticated Command Injection via IP Logging
CVSS 8.8
CVE-2022-45699 CRITICAL
APSystems ECU-R Firmware 5203 - Unauthenticated OS Command Injection via Timezone Parameter
CVSS 9.8
CVE-2022-43550 CRITICAL
Jitsi <8aa7be58522f4264078d54752aae5483bfd854b2 - Command Injection
CVSS 9.8
CVE-2022-45768 HIGH
Edimax BR-6428nS Firmware - OS Command Injection via formWlanMP Function
CVSS 8.8
CVE-2022-43758 HIGH
SUSE Rancher <2.5.17, <2.6.10, <2.7.1 - Command Injection
CVSS 7.6
CVE-2022-31249 HIGH
SUSE Rancher <0.7.3, <0.8.4, <1.0.0 - Command Injection
CVSS 7.5
CVE-2022-38547 HIGH
Zyxel ZyWALL/USG <4.72 - Command Injection
CVSS 7.2
CVE-2022-25855 HIGH
create-choo-app3 - OS Command Injection via devInstall Function
CVSS 7.4
CVE-2022-25853 HIGH
semver-tags - OS Command Injection via getGitTagsRemote Function
CVSS 7.4
CVE-2022-46552 HIGH
D-Link DIR-846 FW100A53DBR - Remote Command Execution via lan_dhcps_staticlist
CVSS 8.8