CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,017 vulnerabilities with CWE-78
CVE-2021-28398
HIGH
GeoNetwork <4.0.4 - Command Injection
CVSS 7.2
CVE-2021-42232
CRITICAL
TP-Link Archer A7(US)_V5_210519 - OS Command Injection via tddp Data Packet Handling
CVSS 9.8
CVE-2021-36667
HIGH
Druva inSync Client < 7.0.0 - OS Command Injection via Local HTTP Server
CVSS 7.8
CVE-2021-41738
HIGH
ZeroShell 3.9.5 - Authenticated OS Command Injection via Kerbynet IP Parameter
CVSS 8.8
CVE-2021-35531
MEDIUM
Hitachi Energy TXpert Hub CoreTec <2.2.1 - Command Injection
CVSS 6.7
CVE-2021-42890
CRITICAL
TOTOLINK EX1200T V4.1.2cu.5215 - Remote Command Injection via NTPSyncWithHost Function
CVSS 9.8
CVE-2021-42888
CRITICAL
TOTOLINK EX1200T V4.1.2cu.5215 - OS Command Injection via setLanguageCfg Function
CVSS 9.8
CVE-2021-42885
CRITICAL
TOTOLINK EX1200T V4.1.2cu.5215 - OS Command Injection via setDeviceMac Function
CVSS 9.8
CVE-2021-42884
CRITICAL
TOTOLINK EX1200T V4.1.2cu.5215 - Remote Command Injection via setDeviceName Function
CVSS 9.8
CVE-2021-42875
CRITICAL
TOTOLINK EX1200T V4.1.2cu.5215 - Remote Command Injection via setDiagnosisCfg Function
CVSS 9.8
CVE-2021-44080
HIGH
SerComm h500s Firmware lowi-h500s-v3.4.22 - Authenticated OS Command Injection via connection_type Parameter
CVSS 7.2
CVE-2021-42872
CRITICAL
TOTOLINK EX1200T V4.1.2cu.5215 - Remote Code Execution via Command Injection
CVSS 9.8
CVE-2021-34084
CRITICAL
s3-uploader < 2.0.3 - OS Command Injection via Metadata Function
CVSS 9.8
CVE-2021-34083
HIGH
google-it < 1.6.2 - Remote Code Execution via Open in Browser Option
CVSS 8.1
CVE-2021-34082
CRITICAL
proctree < 0.1.1 - OS Command Injection via fix Function
CVSS 9.8
CVE-2021-34081
HIGH
gitsome < 0.2.3 - OS Command Injection via Crafted Git Tag Name
CVSS 8.8
CVE-2021-34080
CRITICAL
ssl-utils < 1.0.0 - OS Command Injection via createCertRequest() and createCert() Functions
CVSS 9.8
CVE-2021-34079
CRITICAL
docker-tester < 1.2.1 - OS Command Injection via docker-compose.yml Ports Entry
CVSS 9.8
CVE-2021-34078
HIGH
lifion-verify-dependencies < 1.2.0 - OS Command Injection via Crafted Dependency Name
CVSS 8.8
CVE-2021-34111
CRITICAL
Thecus N4800Eco Firmware - OS Command Injection via Username Parameter
CVSS 9.8
CVE-2021-42852
HIGH
Lenovo Personal Cloud Storage A1/T1/X1/T2/T2Pro Firmware < 5.3.8.x1 - Authenticated OS Command Injection
CVSS 8.0
CVE-2021-42897
CRITICAL
FeMiner wms 1.0 - Remote Code Execution via datarec.php r_name Parameter
CVSS 9.8
CVE-2021-42969
HIGH
Anaconda3 <2021.05 - Command Injection
CVSS 8.8
CVE-2021-30361
MEDIUM
Check Point Gaia Portal - Command Injection
CVSS 6.7
CVE-2021-41739
CRITICAL
Artica Proxy 4.30.000000 - OS Command Injection via cyrus.events.php
CVSS 9.8