CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,011 vulnerabilities with CWE-78
CVE-2022-44149 HIGH
Nexxt Amp300 ARN02304U8 RCE via Ping Feature JSON Host Field
CVSS 8.8
CVE-2022-25923 HIGH
exec-local-bin < 1.2.0 - OS Command Injection via theProcess() Function
CVSS 7.4
CVE-2022-44877 CRITICAL KEV
CWP login.php Unauthenticated RCE
CVSS 9.8
CVE-2022-43538 HIGH
Aruba ClearPass Policy Manager <6.10.7, <6.9.12 - RCE
CVSS 7.2
CVE-2022-43537 HIGH
Aruba ClearPass Policy Manager <6.10.7, <6.9.12 - Command Injection
CVSS 7.2
CVE-2022-43536 HIGH
Aruba ClearPass Policy Manager <6.10.7, <6.9.12 - RCE
CVSS 7.2
CVE-2022-25926 HIGH
window-control < 1.4.5 - OS Command Injection via sendKeys Function
CVSS 7.4
CVE-2022-39947 HIGH
FortiADC OS Command Injection via Crafted HTTP Requests
CVSS 8.8
CVE-2022-35845 HIGH
FortiTester <4.2.0 - Command Injection
CVSS 7.8
CVE-2022-46304 HIGH
ChangingTec ServiSign - Command Injection
CVSS 8.8
CVE-2022-40740 HIGH
Realtek USDK - Authenticated OS Command Injection
CVSS 7.2
CVE-2022-46598 CRITICAL
TRENDnet TEW755AP <1.13B01 - Command Injection
CVSS 9.8
CVE-2022-46597 CRITICAL
TRENDnet TEW755AP <1.13B01 - Command Injection
CVSS 9.8
CVE-2022-40005 HIGH
Intelbras WiFiber 120AC inMesh < 1.1-220826 - Authenticated OS Command Injection via formPing6 and formTracert URIs
CVSS 8.8
CVE-2022-45717 CRITICAL
IP-COM M50 V15.11.0.33(10768) - OS Command Injection via usbPartitionName Parameter
CVSS 9.8
CVE-2022-45711 CRITICAL
IP-COM M50 V15.11.0.33(10768) - OS Command Injection via Hostname Parameter
CVSS 9.8
CVE-2022-45709 CRITICAL
IP-COM M50 V15.11.0.33(10768) - OS Command Injection via pEnable, pLevel, and pModule Parameters
CVSS 9.8
CVE-2022-44567 CRITICAL
Rocket.Chat < 3.8.14 - Remote Code Execution via openInternalVideoChatWindow URL Injection
CVSS 9.8
CVE-2022-3183 CRITICAL
Dataprobe iBoot-PDU Firmware < 1.42.06162022 - OS Command Injection
CVSS 9.8
CVE-2022-4643 MEDIUM
docconv < 1.2.1 - OS Command Injection in ConvertPDFImages Function
CVSS 6.3
CVE-2022-24431 HIGH
abacus-ext-cmdline - Command Injection
CVSS 7.4
CVE-2022-4515 HIGH
Exuberant Ctags - OS Command Injection via -o Option
CVSS 7.8
CVE-2022-46538 CRITICAL
Tenda F1203 V2.0.1.6 - Command Injection
CVSS 9.8
CVE-2022-40624 CRITICAL
pfSense pfBlockerNG <= 2.1.4_27 - Remote Code Execution via HTTP Host Header
CVSS 9.8
CVE-2022-45942 HIGH
baijiacms >=4.0 - Remote Code Execution in common.inc.php
CVSS 8.8