CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2021-36182 HIGH
Fortinet FortiWeb <6.3.13 - Command Injection
CVSS 8.8
CVE-2021-39279 HIGH
Moxa Wac-2004 Firmware - OS Command Injection
CVSS 8.8
CVE-2021-36024 CRITICAL
Adobe Commerce/Magento Open Source <=2.4.2-p1 - Admin Data Collection Command Execution
CVSS 9.1
CVE-2021-36022 CRITICAL
Magento Commerce <2.4.2-2.3.7 - Code Injection
CVSS 9.1
CVE-2021-27556 HIGH
EasyCorp ZenTao 12.5.3 - Authenticated Remote Code Execution via Cron Job Type Parameter
CVSS 7.2
CVE-2021-35062 HIGH
DRK Odenwaldkreis Testerfassung March-2021 - Command Injection
CVSS 8.1
CVE-2021-33055 CRITICAL
Zoho ManageEngine ADSelfService Plus <6102 - RCE
CVSS 9.8
CVE-2021-27944 CRITICAL
Vizio P65-F1 and E50x-E1 Firmware - Unauthenticated Remote Code Execution via File Upload
CVSS 9.8
CVE-2021-1584 MEDIUM
Cisco NX-OS - Authenticated Privilege Escalation via CLI Command Injection
CVSS 6.0
CVE-2021-39159 CRITICAL
BinderHub < 0.2.0-n653 - Remote Code Execution via Malicious Input
CVSS 9.6
CVE-2021-39160 CRITICAL
nbgitpuller 0.9.0-0.10.1 - OS Command Injection via Malicious Link
CVSS 9.6
CVE-2021-38306 CRITICAL
LG N1T1*** 10124 - Command Injection
CVSS 9.8
CVE-2021-33191 CRITICAL
Apache NiFi MiNiFi C++ <0.10.0 - Privilege Escalation
CVSS 9.8
CVE-2021-39244 HIGH
Altus Nexto, Nexto Xpress, Hadron Xtorm Firmware - Authenticated Command Injection via getlogs.cgi
CVSS 8.8
CVE-2021-36011 HIGH
Adobe Illustrator <25.2.3 - Command Injection
CVSS 8.3
CVE-2021-28634 HIGH
Acrobat DC < 21.005.20054 and 17.011.30059-17.011.30197 - Authenticated OS Command Injection
CVSS 8.2
CVE-2021-32830 LOW
@diez/generation - Command Injection
CVSS 3.9
CVE-2021-3617 HIGH
Lenovo Smart Camera X3, X5, and C2E Firmware < 01.03.29.16 - OS Command Injection via Network Configuration
CVSS 7.2
CVE-2021-3459 MEDIUM
Motorola MM1000 Firmware - Privilege Escalation and OS Command Injection via Web Server
CVSS 6.8
CVE-2021-21599 MEDIUM
Dell EMC PowerScale OneFS 8.2.x-9.2.1.x - Authenticated OS Command Injection
CVSS 6.0
CVE-2021-32826 MEDIUM
proxyee-down - OS Command Injection via Malicious Extension Script
CVSS 6.8
CVE-2021-37708 HIGH
Shopware < 6.4.3.1 - OS Command Injection in Mail Agent Settings
CVSS 8.8
CVE-2021-35394 CRITICAL KEV
Realtek RTL819x Jungle SDK 2.0-3.4.14b - Unauthenticated OS Command Injection via MP Daemon UDPServer
CVSS 9.8
CVE-2021-23422 HIGH
bikeshed < 3.0.0 - OS Command Injection via Inline Tag Command Metadata
CVSS 7.8
CVE-2021-3708 HIGH
D-Link router DSL-2750U <vME1.16 - Command Injection
CVSS 7.8