CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2021-33532 HIGH
Weidmueller Industrial WLAN - Command Injection
CVSS 8.8
CVE-2021-33530 HIGH
Weidmueller Industrial WLAN - Command Injection
CVSS 8.8
CVE-2021-35049 CRITICAL
Fidelis Network & Deception <9.3.7, 9.4 - Command Injection
CVSS 9.9
CVE-2021-35047 CRITICAL
Fidelis Network & Deception <9.3.7, 9.4 - Command Injection
CVSS 9.9
CVE-2021-28958 CRITICAL
ManageEngine ADSelfService Plus <= 6101 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2021-28800 HIGH
QNAP QTS < 4.3.3.1624 - OS Command Injection
CVSS 8.1
CVE-2021-21809 CRITICAL
Moodle Authenticated Spelling Binary RCE
CVSS 9.1
CVE-2021-31769 HIGH
MyQ Server < 8.2 - Unauthenticated Remote Code Execution via Task Scheduler
CVSS 8.8
CVE-2021-32682 CRITICAL
elFinder < 2.1.59 - Remote Code Execution via Archive Command Injection
CVSS 9.8
CVE-2021-32556 LOW
apport 2.14.1-0ubuntu3-2.14.1-0ubuntu3.29+esm7 - OS Command Injection via Modified Package Name
CVSS 3.8
CVE-2021-33358 HIGH
RaspAP 2.3-2.6.5 - Authenticated OS Command Injection via Interface/SSID/WPA Passphrase Parameters
CVSS 8.8
CVE-2021-33357 CRITICAL
RaspAP 2.6-2.6.5 - Unauthenticated OS Command Injection via iface GET Parameter
CVSS 9.8
CVE-2021-33841 CRITICAL
SGE-PLC1000 Firmware 0.9.2b - OS Command Injection
CVSS 10.0
CVE-2021-20731 HIGH
WSR-1166DHP3 <1.16 - Command Injection
CVSS 8.8
CVE-2021-26472 CRITICAL
Vembu BDR Suite and OffsiteDR < 4.2.0.1 - Unauthenticated OS Command Injection via Download API
CVSS 10.0
CVE-2021-32673 HIGH
reg-keygen-git-hash-plugin <0.10.16 - RCE
CVSS 8.8
CVE-2021-28811 HIGH
Roon Server < 2021-05-18 - Remote Command Injection
CVSS 7.2
CVE-2021-1538 MEDIUM
Cisco Common Services Platform Collector < 2.9.1 - Authenticated Remote Code Execution via Configuration Dashboard
CVSS 4.7
CVE-2021-24023 HIGH
FortiAI Firmware < 1.4.0 - Authenticated OS Command Injection via Diagnose Command
CVSS 7.8
CVE-2021-28812 HIGH
QNAP Video Station < 5.5.4 - Remote Command Injection
CVSS 8.8
CVE-2021-22123 HIGH
FortiWeb 5.9.0-6.2.3 - Authenticated OS Command Injection via SAML Server Configuration
CVSS 7.6
CVE-2021-3515 MEDIUM
pglogical <2.3.4, <3.6.26 - Command Injection
CVSS 6.7
CVE-2021-24312 HIGH
WP Super Cache < 1.7.3 - Remote Code Execution via Settings Parameters
CVSS 7.2
CVE-2021-20026 HIGH
SonicWall Network Security Manager < 2.2.0-R10 - Authenticated OS Command Injection
CVSS 8.8
CVE-2021-30187 MEDIUM
CODESYS V2 <2.4.7.55 - Code Injection
CVSS 5.3