CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2020-36877 CRITICAL
ReQuest Serious Play F3 Media Server 7.0.3 - RCE
CVE-2020-36867 HIGH
Nagios XI <5.7.3 - Command Injection
CVSS 8.8
CVE-2020-36856 HIGH
Nagios XI <5.6.14 - Command Injection
CVSS 8.8
CVE-2020-13712 HIGH
oMG2000 <3.15.1 - Command Injection, MG90 <4.2.1 - Command Injection
CVSS 7.8
CVE-2020-8007 CRITICAL
EV Charger <5.6.2 - Command Injection
CVSS 9.8
CVE-2020-11847 HIGH
NetIQ Privileged Access Manager < 3.7.0.1 - Authenticated OS Command Injection via SSH
CVSS 8.2
CVE-2020-21583 MEDIUM
util-linux < 2.27 - OS Command Injection via hwclock Path Parameter
CVSS 6.7
CVE-2020-36762 MEDIUM
ONS Digital RAS Collection Instrument <2.0.28 - Code Injection
CVSS 5.5
CVE-2020-13378 HIGH
Loadbalancer.org Enterprise VA MAX <8.3.8 - Command Injection
CVSS 8.8
CVE-2020-6627 CRITICAL
Seagate Central NAS STCG2000300 STCG3000300 STCG4000300 - OS Command Injection via mv_backend_launch
CVSS 9.8
CVE-2020-28424 HIGH
s3-kilatstorage - OS Command Injection
CVSS 7.2
CVE-2020-27373 HIGH
Dr Trust USA iCheck Connect BP Monitor BP Testing <1.2.1 - Command ...
CVSS 8.8
CVE-2020-12775 CRITICAL
Hicos Citizen Certificate - Command Injection
CVSS 9.8
CVE-2020-28885 HIGH
Liferay Portal 7.2.0 GA1 and 7.3.5 GA6 - Authenticated OS Command Injection via Gogo Shell Module
CVSS 7.2
CVE-2020-28884 HIGH
Liferay Portal 7.2.0 GA1 and 7.3.5 GA6 - Authenticated OS Command Injection via Groovy Script
CVSS 7.2
CVE-2020-19316 HIGH
Laravel Framework < 5.8.17 - OS Command Injection via Filesystem.php link Function
CVSS 8.8
CVE-2020-8105 CRITICAL
Abode iota All-In-One Security Kit <1.0.2.23_6.9V_ - Command Injection
CVSS 9.6
CVE-2020-7879 HIGH
ipTIME C200 Firmware < 1.0.16 - OS Command Injection via wget Header Option
CVSS 8.8
CVE-2020-25368 CRITICAL
D-Link DIR-823G Firmware V1.0.2B05 - OS Command Injection via HNAP1 PrivateLogin Field
CVSS 9.8
CVE-2020-25367 CRITICAL
D-Link DIR-823G Firmware V1.0.2B05 - OS Command Injection via HNAP1 Captcha Field
CVSS 9.8
CVE-2020-36381 CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
CVSS 9.8
CVE-2020-36380 CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
CVSS 9.8
CVE-2020-36379 CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
CVSS 9.8
CVE-2020-36378 CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
CVSS 9.8
CVE-2020-36377 CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
CVSS 9.8