CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2022-34539 HIGH
Digital Watchdog MEGApix IP Cameras A7.2.2_20211029 - OS Command Injection via /admin/curltest.cgi
CVSS 8.8
CVE-2022-34538 HIGH
Digital Watchdog MEGApix IP Cameras A7.2.2_20211029 - OS Command Injection via /admin/vca/bia/addacph.cgi
CVSS 8.8
CVE-2022-27373 HIGH
Shanghai Feixun fir302b A2 - Remote Code Execution via Ping Function
CVSS 8.8
CVE-2022-27483 HIGH
FortiAnalyzer/FortiManager OS Command Injection via Diagnose System CLI
CVSS 7.2
CVE-2022-33891 HIGH KEV
Apache Spark UI - Privilege Escalation
CVSS 8.8
CVE-2022-26482 HIGH
Poly EagleEye Director II <2.2.2.1 - Command Injection
CVSS 7.2
CVE-2022-26481 HIGH
Poly Studio <3.7.0 - Command Injection
CVSS 8.8
CVE-2022-32212 HIGH
Node.js <14.20.0, <16.20.0, <18.5.0 - OS Command Injection via IsAllowedHost Bypass
CVSS 8.1
CVE-2022-28375 CRITICAL
Verizon 5G Home LVSKIHP ODU <3.33.101.0 - RCE
CVSS 9.8
CVE-2022-28374 HIGH
Verizon 5G Home LVSKIHP ODU <3.33.101.0 - RCE
CVSS 8.8
CVE-2022-28373 CRITICAL
Verizon 5G Home LVSKIHP IDU 3.4.66.162 - RCE
CVSS 9.8
CVE-2022-34753 HIGH
SpaceLogic C-Bus Home Controller < 1.31.460 - OS Command Injection
CVSS 8.8
CVE-2022-28888 CRITICAL
Spryker Commerce OS 1.4.2 - Command Injection
CVSS 9.8
CVE-2022-22997 MEDIUM
Western Digital My Cloud Home Duo and My Cloud Home Firmware < 8.5.1-102 - Remote Code Execution via Command Injection
CVSS 6.8
CVE-2022-31138 HIGH
mailcow <2022-06a - Privilege Escalation
CVSS 8.8
CVE-2022-31137 CRITICAL
Roxy-WI < 6.1.1.0 - Unauthenticated Remote Code Execution via subprocess_execute Function
CVSS 10.0
CVE-2022-32054 CRITICAL
Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 - Remote Code Execution via lanIp Parameter
CVSS 9.8
CVE-2022-25048 HIGH
Control WebPanel 0.9.8.1126 - Authenticated OS Command Injection
CVSS 8.8
CVE-2022-34597 CRITICAL
Tenda AX1806 v1.0.0.1 - OS Command Injection via WanParameterSetting
CVSS 9.8
CVE-2022-34596 CRITICAL
Tenda AX1803 v1.0.0.1_2890 - OS Command Injection via WanParameterSetting
CVSS 9.8
CVE-2022-34595 CRITICAL
Tenda AX1803 v1.0.0.1_2890 - OS Command Injection via setipv6status Function
CVSS 9.8
CVE-2022-33948 HIGH
HOME SPOT CUBE2 V102 - Command Injection
CVSS 8.8
CVE-2022-2185 CRITICAL
GitLab <14.10.5-15.1.1 - Authenticated RCE
CVSS 9.9
CVE-2022-2253 CRITICAL
webhmi_firmware < 4.1.1.7662 - Authenticated OS Command Injection
CVSS 9.1
CVE-2022-33329 CRITICAL
Robustel R1510 3.3.0 - Command Injection
CVSS 9.8