CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2022-21668 HIGH
pipenv 2018.10.9-2022.1.8 - Remote Code Execution via Malicious Requirements File Comment
CVSS 8.0
CVE-2021-4473 CRITICAL
Tianxin Internet Behavior Management System Command Injection via toQuery.php
CVSS 9.8
CVE-2021-35402 CRITICAL
PROLiNK PRC2402M <2021-06-13 - Command Injection
CVSS 10.0
CVE-2021-47903 HIGH
LiteSpeed Web Server Enterprise 5.4.11 - Command Injection
CVSS 8.8
CVE-2021-47851 CRITICAL
Mini Mouse 9.2.0 - Unauthenticated Remote Code Execution via /op=command Endpoint
CVSS 9.8
CVE-2021-47748 CRITICAL
Hasura GraphQL 1.3.3 - Remote Code Execution via SQL Query Manipulation in run_sql Endpoint
CVSS 9.8
CVE-2021-47816 HIGH
Thecus N4800Eco - Command Injection
CVSS 8.8
CVE-2021-47794 HIGH
ZesleCP < 3.1.9 - Authenticated Remote Code Execution via FTP Account Creation
CVSS 8.8
CVE-2021-47747 HIGH
meterN 1.2.3 - Authenticated Remote Code Execution via COMMANDx and LIVECOMMANDx Parameters
CVSS 8.8
CVE-2021-47745 HIGH
Cypress Solutions CTM-200 2.7.1 - Command Injection
CVSS 8.8
CVE-2021-47728 CRITICAL
Selea Targa IP OCR-ANPR Camera - Command Injection
CVSS 9.8
CVE-2021-4470 CRITICAL
TG8 Firewall - Unauthenticated Remote Code Execution via runphpcmd.php syscmd Parameter
CVE-2021-4466 HIGH
IPCop <= 2.1.9 - Authenticated Remote Code Execution via Email Configuration
CVE-2021-47667 CRITICAL
ZendTo 5.24-3-6.x < 6.10-7 - Unauthenticated OS Command Injection via tmp_name Parameter
CVSS 10.0
CVE-2021-46686 CRITICAL
acmailer <4.0.3-1.1.5 - Command Injection
CVSS 9.8
CVE-2021-26115 HIGH
FortiWAN < 4.5.8 - Authenticated Privilege Escalation via Command Line Interface Command Injection
CVSS 7.8
CVE-2021-33633 HIGH
openEuler aops-ceres <1.4.1 - Command Injection
CVSS 7.3
CVE-2021-42796 CRITICAL
AVEVA Edge < 2020 - Unauthenticated OS Command Injection via ExecuteCommand()
CVSS 9.8
CVE-2021-36023 CRITICAL
Magento Commerce <2.4.2-2.3.7 - Code Injection
CVSS 9.1
CVE-2021-42081 CRITICAL
QuantaStor < 6.0.0.355 - Authenticated Remote Code Execution via API
CVSS 9.1
CVE-2021-33990 CRITICAL
Liferay Portal 6.2.5 - OS Command Injection via File Upload Request
CVSS 9.8
CVE-2021-4281 MEDIUM
Brave UX for-the-badge - Code Injection
CVSS 4.6
CVE-2021-32692 CRITICAL
Activity Watch <0.11.0 - Command Injection
CVSS 9.6
CVE-2021-4242 MEDIUM
Sapido BR270n BRC76n GR297 RB1732 - OS Command Injection via ip/syscmd.htm
CVSS 6.3
CVE-2021-44171 CRITICAL
FortiOS 6.0.0-6.0.14, 6.2.0-6.2.10, 6.4.0-6.4.8, 7.0.0-7.0.3 - OS Command Injection via Diagnostic CLI Commands
CVSS 9.0