CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2021-28143 HIGH
D-Link DIR-841 <3.04 - Command Injection
CVSS 8.0
CVE-2021-28144 HIGH
D-Link DIR-3060 <1.11b04 HF2 - Command Injection
CVSS 8.8
CVE-2021-28132 CRITICAL
LUCY Security Awareness Software <4.7.x - RCE
CVSS 9.8
CVE-2021-24033 MEDIUM
react-dev-utils < 11.0.4 - OS Command Injection via getProcessForPort Function
CVSS 5.6
CVE-2021-21503 HIGH
Dell EMC PowerScale OneFS 8.1.2, 8.2.2, 9.1.0 - Authenticated Privilege Escalation via Command Injection
CVSS 7.8
CVE-2021-27256 HIGH
NETGEAR R7800 <1.0.2.76 - Code Injection
CVSS 8.8
CVE-2021-26970 MEDIUM
Aruba AirWave < 8.2.12.0 - Authenticated Remote Command Execution via Web Management Interface
CVSS 6.3
CVE-2021-26962 HIGH
Aruba AirWave < 8.2.12.0 - Authenticated Remote Command Execution via CLI
CVSS 7.2
CVE-2021-27886 CRITICAL
rakibtg Docker Dashboard <2021-02-28 - Command Injection
CVSS 9.8
CVE-2021-3342 CRITICAL
EPrints 3.4.2 - Remote Command Execution via LaTeX Input to latex2png Endpoint
CVSS 9.8
CVE-2021-26704 HIGH
EPrints 3.4.2 - Remote Code Execution via cgi/toolbox/toolbox Verb Parameter
CVSS 8.8
CVE-2021-26476 CRITICAL
EPrints 3.4.2 - Remote Code Execution via LaTeX Input to cgi/cal Endpoint
CVSS 9.8
CVE-2021-21302 MEDIUM
PrestaShop 1.5.0.0-1.7.7.2 - CSV Injection via Admin Panel Shop Search Keywords
CVSS 6.8
CVE-2021-20658 CRITICAL
SolarView Compact SV-CPT-MC310 - RCE
CVSS 9.8
CVE-2021-26680 HIGH
Aruba ClearPass Policy Manager < 6.9.5, < 6.8.8-HF1, < 6.7.14-HF1 - Authenticated OS Command Injection
CVSS 7.2
CVE-2021-26679 HIGH
Aruba ClearPass Policy Manager < 6.9.5, < 6.8.8-HF1, < 6.7.14-HF1 - Authenticated OS Command Injection
CVSS 7.2
CVE-2021-26684 HIGH
Aruba ClearPass Policy Manager < 6.7.14 - Authenticated Remote Command Execution
CVSS 7.2
CVE-2021-26683 HIGH
Aruba ClearPass Policy Manager < 6.7.14 - Authenticated OS Command Injection
CVSS 7.2
CVE-2021-26681 HIGH
Aruba ClearPass Policy Manager < 6.7.14 - Authenticated OS Command Injection via CLI
CVSS 7.2
CVE-2021-26724 HIGH
Nozominetworks Central Management Control - OS Command Injection
CVSS 7.2
CVE-2021-3149 HIGH
Netshield NANO 25 10.2.18 - Authenticated OS Command Injection via manual_ping.cgi
CVSS 7.2
CVE-2021-26747 CRITICAL
Netis WF2780 2.3.40404 and WF2411 1.1.29629 - Remote Code Execution via Ping Command Injection
CVSS 9.8
CVE-2021-20655 HIGH
FileZen <4.2.7, >5.0.2 - Command Injection
CVSS 7.2
CVE-2021-27104 CRITICAL KEV
Accellion FTA < 9_12_370 - OS Command Injection via Crafted POST Request
CVSS 9.8
CVE-2021-27102 HIGH KEV
Accellion FTA < 9_12_411 - OS Command Injection via Local Web Service Call
CVSS 7.8