CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,016 vulnerabilities with CWE-78
CVE-2022-33189 CRITICAL
Abode Systems, Inc. iota All-In-One Security Kit 6.9Z - Command Inj...
CVSS 9.8
CVE-2022-33150 CRITICAL
Robustel R1510 <3.1.16 - Command Injection
CVSS 9.8
CVE-2022-32773 CRITICAL
Abode Systems iota All-In-One Security Kit 6.9X and 6.9Z - OS Command Injection via XCMD doDebug
CVSS 9.8
CVE-2022-32765 CRITICAL
Robustel R1510 Firmware 3.1.16 and 3.3.0 - OS Command Injection via sysupgrade
CVSS 9.8
CVE-2022-32586 HIGH
Abode Systems iota All-In-One Security Kit 6.9X and 6.9Z - Authenticated OS Command Injection via Web Interface
CVSS 8.8
CVE-2022-30603 HIGH
Abode iota 6.9X/6.9Z Authenticated OS Command Injection via Web Interface
CVSS 8.8
CVE-2022-30541 CRITICAL
Abode Systems iota All-In-One Security Kit 6.9X and 6.9Z - OS Command Injection via XCMD setUPnP
CVSS 9.8
CVE-2022-29851 CRITICAL
OX App Suite < 7.10.6 - OS Command Injection via EPS Document Disguised as PDF
CVSS 9.8
CVE-2022-29520 CRITICAL
Abode Systems iota All-In-One Security Kit 6.9Z - OS Command Injection via Console Main Loop
CVSS 9.8
CVE-2022-29472 CRITICAL
Abode Systems iota All-In-One Security Kit 6.9X and 6.9Z - OS Command Injection via util_set_serial_mac
CVSS 9.8
CVE-2022-27804 CRITICAL
Abode Systems iota All-In-One Security Kit 6.9X and 6.9Z - OS Command Injection via util_set_abode_code
CVSS 9.8
CVE-2022-34437 MEDIUM
Dell PowerScale OneFS 8.2.2-9.3.0 - OS Command Injection
CVSS 6.7
CVE-2022-43184 CRITICAL
D-Link DIR878 1.30B08 - Command Injection
CVSS 9.8
CVE-2022-33874 CRITICAL
FortiTester <4.2.0 - Command Injection
CVSS 9.8
CVE-2022-33873 MEDIUM
FortiTester <4.2.0 - Command Injection
CVSS 6.8
CVE-2022-33872 CRITICAL
FortiTester <4.2.0 - Command Injection
CVSS 9.8
CVE-2022-35844 MEDIUM
FortiTester <4.2.0 - Command Injection
CVSS 6.7
CVE-2022-39057 HIGH
RAVA Certificate Validation System - Authenticated OS Command Injection via Web Page Input Field
CVSS 7.2
CVE-2022-41751 HIGH
jhead 3.06.0.1 - OS Command Injection via JPEG Filename with -rgt50 Option
CVSS 7.8
CVE-2022-2884 CRITICAL
GitLab CE/EE <15.1.5-15.3.1 - Authenticated RCE
CVSS 9.9
CVE-2022-3492 MEDIUM
SourceCodester Human Resource Management System 1.0 - OS Command Injection via Profile Photo Handler
CVSS 6.3
CVE-2022-24697 CRITICAL
Kylin <2.6.5, <3.1.2, <4.0.1 - Command Injection
CVSS 9.8
CVE-2022-34427 HIGH
Dell Container Storage Modules 1.3.0-1.9.9 - Unauthenticated OS Command Injection in goiscsi and gobrick Libraries
CVSS 8.8
CVE-2022-40176 HIGH
Siemens Desigo PXM and PXG3 Firmware - OS Command Injection via Restore Operation
CVSS 8.0
CVE-2022-3276 HIGH
Puppetlabs-mysql <13.0.0 - Command Injection
CVSS 8.4