CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,017 vulnerabilities with CWE-78
CVE-2020-21883
HIGH
UniBox U-50 and Enterprise and Campus Series 2.4 - OS Command Injection via Ping Tool
CVSS 8.8
CVE-2020-27600
CRITICAL
D-Link DIR-846 A1_100.26 - OS Command Injection via SSID Parameter
CVSS 9.8
CVE-2020-24636
CRITICAL
Aruba Instant - Remote Code Execution
CVSS 9.8
CVE-2020-24635
HIGH
Aruba Instant - Remote Code Execution
CVSS 7.2
CVE-2020-28695
HIGH
Askey RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 - Remote Code Execution
CVSS 8.8
CVE-2020-10583
HIGH
Invigo ADM <5.0 - Command Injection
CVSS 8.8
CVE-2020-1946
CRITICAL
Apache SpamAssassin < 3.4.5 - OS Command Injection via Rule Configuration Files
CVSS 9.8
CVE-2020-27575
HIGH
Maxum Rumpus 8.2.13-8.2.14 - Command Injection
CVSS 8.8
CVE-2020-28429
HIGH
geojson2kml - OS Command Injection via index.js
CVSS 7.3
CVE-2020-36246
HIGH
Amaze File Manager < 3.5.1 - OS Command Injection via Symbolic Link
CVSS 7.8
CVE-2020-28490
CRITICAL
async-git < 1.13.2 - OS Command Injection via Shell Meta-Characters
CVSS 9.1
CVE-2020-29664
HIGH
DJI Mavic 2 Remote Controller <1.00.0510 - Command Injection
CVSS 7.8
CVE-2020-24899
HIGH
Nagios XI 5.7.2 - Authenticated Remote Code Execution via Webapp Query Injection
CVSS 8.8
CVE-2020-27861
HIGH
NETGEAR Orbi and Extenders Firmware < 2.6.1.44 - Unauthenticated OS Command Injection via DHCP Host Name Option
CVSS 8.8
CVE-2020-26193
HIGH
Dell EMC PowerScale OneFS 8.1.0-9.1.0 - Authenticated OS Command Injection
CVSS 7.8
CVE-2020-7786
CRITICAL
macfromip - OS Command Injection in macfromip.js
CVSS 9.8
CVE-2020-7785
CRITICAL
node-ps - OS Command Injection via lib/index.js
CVSS 9.8
CVE-2020-7782
CRITICAL
spritesheet-js - OS Command Injection via platform-command Dependency
CVSS 9.8
CVE-2020-11920
CRITICAL
Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14 - OS Command Injection via NFS Settings HOST/IP Field
CVSS 9.8
CVE-2020-36243
HIGH
OpenEMR 5.0.2.1 - Authenticated OS Command Injection via Patient Portal Backup Endpoint
CVSS 8.8
CVE-2020-2507
CRITICAL
QNAP Helpdesk < 3.0.3 - Remote Command Injection
CVSS 9.8
CVE-2020-7775
CRITICAL
Package freediskspace - Code Injection
CVSS 9.8
CVE-2020-18568
CRITICAL
D-Link DSR-250/DSR-1000N - Command Injection
CVSS 9.8
CVE-2020-25506
CRITICAL
KEV
D-Link DNS-320 FW v2.06B01 Revision Ax - OS Command Injection in system_mgr.cgi
CVSS 9.8
CVE-2020-28494
HIGH
total.js < 3.4.7 - OS Command Injection via Image Type Parameter
CVSS 8.6