CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2022-25084 CRITICAL
TOTOLink T6 V5.9c.4085_B20190428 - OS Command Injection via QUERY_STRING Parameter
CVSS 9.8
CVE-2022-25083 CRITICAL
TOTOLink A860R V4.1.2cu.5182_B20201027 - OS Command Injection via QUERY_STRING Parameter
CVSS 9.8
CVE-2022-25082 CRITICAL
TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 - OS Command Injection via QUERY_STRING Parameter
CVSS 9.8
CVE-2022-25081 CRITICAL
TOTOLink T10 V5.9c.5061_B20200511 - OS Command Injection via QUERY_STRING Parameter
CVSS 9.8
CVE-2022-25080 CRITICAL
TOTOLink A830R V5.9c.4729_B20191112 - OS Command Injection via QUERY_STRING Parameter
CVSS 9.8
CVE-2022-25079 CRITICAL
TOTOLink A810R V4.1.2cu.5182_B20201026 - OS Command Injection via QUERY_STRING Parameter
CVSS 9.8
CVE-2022-25078 CRITICAL
TOTOLink A3600R V4.1.2cu.5182_B20201102 - OS Command Injection via QUERY_STRING Parameter
CVSS 9.8
CVE-2022-25077 CRITICAL
TOTOLink A3100R V4.1.2cu.5050_B20200504 - OS Command Injection via QUERY_STRING Parameter
CVSS 9.8
CVE-2022-25076 CRITICAL
TOTOLink A800R V4.1.2cu.5137_B20200730 - OS Command Injection via QUERY_STRING Parameter
CVSS 9.8
CVE-2022-25075 CRITICAL
TOTOLink A3000RU V5.9c.2280_B20180512 - OS Command Injection via QUERY_STRING Parameter
CVSS 9.8
CVE-2022-20650 HIGH
Cisco NX-OS - Authenticated Remote Code Execution via NX-API HTTP POST Request
CVSS 8.8
CVE-2022-21143 HIGH
Airspan Mimosa Management Platform <1.0.3 / C6x/C5x/C5c <2.8.6.1 / A5x <2.5.4.1 - OS Command Injection
CVSS 7.5
CVE-2022-22945 HIGH
VMware Cloud Foundation 3.0-3.10 and NSX Data Center < 6.4.13 - Authenticated OS Command Injection via CLI
CVSS 7.8
CVE-2022-25175 HIGH
Jenkins Pipeline Multibranch < 706.vd43c65dec013 - Authenticated OS Command Injection via readTrusted Step
CVSS 8.8
CVE-2022-25174 HIGH
Jenkins Pipeline < 552.vd9cc05b8a2e1 - Authenticated OS Command Injection via SCM Checkout Directory
CVSS 8.8
CVE-2022-25173 HIGH
Jenkins Pipeline: Groovy Plugin < 2648.va9433432b33c - OS Command Injection via SCM Content
CVSS 8.8
CVE-2022-23389 CRITICAL
PublicCMS v4.0 - Remote Code Execution via cmdarray Parameter
CVSS 9.8
CVE-2022-0557 HIGH
Packagist microweber/microweber <1.2.11 - Command Injection
CVSS 7.2
CVE-2022-20708 CRITICAL KEV
Cisco RV340 and RV345 Series Routers < 1.0.03.24 - OS Command Injection
CVSS 10.0
CVE-2022-24552 CRITICAL
StarWind Stack <v0.2 build 1633 - Command Injection
CVSS 9.8
CVE-2022-23611 HIGH
itunesrpc-remastered - OS Command Injection via Image File Path
CVSS 8.1
CVE-2022-0365 CRITICAL
Riconmobile S9922L/S9922XL Firmware - OS Command Injection
CVSS 9.1
CVE-2022-23935 HIGH
ExifTool <12.38 - Command Injection
CVSS 7.8
CVE-2022-22991 HIGH
Western Digital My Cloud OS < 5.19.117 - OS Command Injection via DNS Spoofing
CVSS 7.8
CVE-2022-20617 HIGH
Jenkins Docker Commons Plugin <1.17 - Command Injection
CVSS 8.8