CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2021-23862 HIGH
Bosch Video Management System < 9.0 - Authenticated OS Command Injection via Configuration Packet
CVSS 7.2
CVE-2021-36195 MEDIUM
FortiWeb <6.4.1 - Command Injection
CVSS 4.2
CVE-2021-36180 HIGH
FortiWeb <6.4.1,<6.3.15,<6.2.5 - Command Injection
CVSS 8.1
CVE-2021-20044 HIGH
SonicWall SMA100 - Authenticated Remote Command Injection
CVSS 8.8
CVE-2021-20039 HIGH
SonicWall SMA 200/210/400/410/500v Firmware - Authenticated OS Command Injection via /cgi-bin/viewcert
CVSS 8.8
CVE-2021-44685 CRITICAL
git-it < 4.4.0 - OS Command Injection via Unsanitized Branch Name in Branches Aren't Just For Birds Challenge
CVSS 9.8
CVE-2021-44684 CRITICAL
github-todos < 3.1.0 - OS Command Injection via _hook Subcommand Range Argument
CVSS 9.8
CVE-2021-43033 CRITICAL
Kaseya Unitrends Backup <10.5.5 - RCE
CVSS 9.8
CVE-2021-20863 HIGH
ELECOM routers <1.25 - Command Injection
CVSS 8.0
CVE-2021-20859 HIGH
ELECOM LAN routers <1.52 - Path Traversal
CVSS 8.0
CVE-2021-20854 MEDIUM
ELECOM LAN routers <1.02.9 - Command Injection
CVSS 6.8
CVE-2021-20853 MEDIUM
ELECOM LAN routers <1.02.9 - Command Injection
CVSS 6.8
CVE-2021-43283 HIGH
Victure WR1200 <1.0.3 - Command Injection
CVSS 8.8
CVE-2021-3769 HIGH
Pygmalion, Pygmalion-Virtualenv, Refined <b3ba9978 - Info Disclosure
CVSS 7.5
CVE-2021-3727 HIGH
rand-quote/hitokoto - Command Injection
CVSS 7.5
CVE-2021-3726 HIGH
oh_my_zsh < 2021-11-11 - OS Command Injection via title Function
CVSS 7.5
CVE-2021-3725 HIGH
dirhistory plugin - Command Injection
CVSS 7.5
CVE-2021-41243 CRITICAL
baserCMS - Zip Slip & Command Injection
CVSS 9.1
CVE-2021-38685 CRITICAL
QVR < 5.1.6 - OS Command Injection
CVSS 9.8
CVE-2021-20850 CRITICAL
PowerCMS 2.0-2.058 - OS Command Injection via XMLRPC API
CVSS 9.8
CVE-2021-42784 CRITICAL
D-Link DWR-932C E1 Firmware < 1.0.0.4 - OS Command Injection via debug_fcgi
CVSS 9.8
CVE-2021-36313 CRITICAL
Dell EMC CloudLink <7.1 - Command Injection
CVSS 9.1
CVE-2021-23732 CRITICAL
docker-cli-js - OS Command Injection via Docker.command Method
CVSS 9.0
CVE-2021-41280 CRITICAL
Sharetribe < 10.2.1 - OS Command Injection via Unset SNS Notification Token
CVSS 9.8
CVE-2021-3723 HIGH
IBM System x 3550/3650 M3 - Command Injection
CVSS 7.2