CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2020-36376 CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
CVSS 9.8
CVE-2020-26707 CRITICAL
aaptjs 1.3.1 - OS Command Injection via filePath Parameter
CVSS 9.8
CVE-2020-22724 CRITICAL
Mercury Router MER1200 <1.0.1 - RCE
CVSS 9.8
CVE-2020-26301 HIGH
ssh2 < 1.4.0 - OS Command Injection
CVSS 7.5
CVE-2020-26300 MEDIUM
systeminformation <4.26.2 - Command Injection
CVSS 5.9
CVE-2020-26772 CRITICAL
PPGo_Jobs <2.8.0 - Command Injection
CVSS 9.8
CVE-2020-22345 HIGH
Centreon < 20.04.0 - Remote Code Execution via RRDdatabase_path Parameter
CVSS 8.8
CVE-2020-23151 CRITICAL
rconfig 3.9.5 - OS Command Injection via ajaxArchiveFiles.php Path Parameter
CVSS 9.8
CVE-2020-7389 MEDIUM
Sage Syracuse 9.0-9.22.7.2 - Authenticated OS Command Injection via CHAINE Variable
CVSS 5.5
CVE-2020-21937 CRITICAL
Motorola CX2 Firmware - OS Command Injection via HNAP1 SetWLanApcliSettings
CVSS 9.8
CVE-2020-21935 CRITICAL
Motorola CX2 Firmware CX 1.0.2 Build 20190508 Rel.97360n - OS Command Injection via HNAP1/GetNetworkTomographySettings
CVSS 9.8
CVE-2020-25206 HIGH
Mimosa B5, B5c, C5x Firmware 1.5.2-2.8.0.2 - OS Command Injection via API
CVSS 7.2
CVE-2020-5322 CRITICAL
Dell EMC OpenManage Enterprise-Modular < 1.10.00 - Authenticated OS Command Injection
CVSS 9.1
CVE-2020-29499 MEDIUM
Dell EMC PowerStore <1.0.3.0.5.006 - Command Injection
CVSS 6.4
CVE-2020-19907 HIGH
Caldera < 2.3.1 - Authenticated OS Command Injection via Sandcat Plugin
CVSS 8.8
CVE-2020-25755 HIGH
Enphase Envoy R3.x and D4.x - Authenticated OS Command Injection via Upgrade Start Force Parameter
CVSS 8.8
CVE-2020-26670 HIGH
BigTree CMS <4.4.10 - Command Injection
CVSS 8.8
CVE-2020-36198 MEDIUM
QNAP Malware Remover < 4.6.1.0 - Remote Command Injection
CVSS 6.7
CVE-2020-21999 HIGH
iWT FaceSentry Access Control System 6.4.8 - Authenticated OS Command Injection via strInIP Parameter
CVSS 8.8
CVE-2020-21992 HIGH
Inim SmartLiving Firmware < 6.0 - Authenticated OS Command Injection via testemail Module par Parameter
CVSS 8.8
CVE-2020-22000 HIGH
HomeAutomation 3.3.2 - Authenticated OS Command Injection via Custom Command Plugin
CVSS 8.0
CVE-2020-7034 HIGH
Avaya Session Border Controller for Enterprise 7.x-8.1.1.x - Authenticated OS Command Injection
CVSS 7.2
CVE-2020-35314 CRITICAL
WonderCMS 3.1.3 - Authenticated Remote Code Execution via Theme/Plugin Installer
CVSS 9.8
CVE-2020-2509 CRITICAL KEV
QTS < 4.2.6 - OS Command Injection
CVSS 9.8
CVE-2020-27227 CRITICAL
OpenClinic GA 5.173.3 - Command Injection
CVSS 9.8