CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2020-25036 HIGH
UCOPIA Wi-Fi Appliance < 6.0.5 - Authenticated OS Command Injection via Less Command
CVSS 8.8
CVE-2020-28426 HIGH
kill-process-on-port - OS Command Injection via a.getProcessPortId
CVSS 7.3
CVE-2020-5626 HIGH
Logstorage <8.0.0 - Command Injection
CVSS 8.8
CVE-2020-36199 CRITICAL
Kaspersky TinyCheck < 2020-12-18 - OS Command Injection via Input Parameter
CVSS 9.8
CVE-2020-35576 HIGH
TP-Link TL-WR841N V13 (JP) < 201216 - Authenticated OS Command Injection via Traceroute Feature
CVSS 8.8
CVE-2020-27542 MEDIUM
Rostelecom CS-C2SHW 5.0.082.1 - Command Injection
CVSS 6.8
CVE-2020-27298 MEDIUM
Philips Interventional Workspot 1.3.2/1.4.0/1.4.1/1.4.3/1.4.5 - OS Command Injection
CVSS 6.5
CVE-2020-23826 HIGH
Yale WIPC-303W 2.21-2.31 - Remote Code Execution via HTTP API Command Injection
CVSS 8.8
CVE-2020-12513 HIGH
Pepperl+Fuchs Comtrol IO-Link Master <1.5.48 - Authenticated Comman...
CVSS 7.5
CVE-2020-29495 CRITICAL
DELL EMC Avamar Server <19.3 - Command Injection
CVSS 10.0
CVE-2020-29017 HIGH
FortiDeceptor 3.0.0-3.1.0 - Authenticated OS Command Injection via Customization Page
CVSS 8.8
CVE-2020-35578 HIGH
Nagios XI < 5.8.0 - Authenticated OS Command Injection via Plugin Upload
CVSS 7.2
CVE-2020-5685 CRITICAL
NEC UNIVERGE SV9500 V1-V7 and SV8500 S6-S8 - OS Command Injection and Denial of Service via Crafted Request
CVSS 9.8
CVE-2020-35459 HIGH
crmsh < 4.2.1 - Authenticated OS Command Injection via crm history Command
CVSS 7.8
CVE-2020-35458 CRITICAL
ClusterLabs Hawk 2.x-2.3.0 - Unauthenticated OS Command Injection via hawk_remember_me_id Cookie Parameter
CVSS 9.8
CVE-2020-2508 HIGH
QNAP QTS < 4.5.1.1456 and QuTS hero < h4.5.1.1472 - OS Command Injection
CVSS 7.2
CVE-2020-5146 HIGH
SonicWall SMA100 Firmware < 10.2.0.2-20sv - Authenticated OS Command Injection via HTTP POST Parameters
CVSS 7.2
CVE-2020-7794 CRITICAL
buns - OS Command Injection via install Function
CVSS 9.8
CVE-2020-7784 CRITICAL
ts-process-promises - Code Injection
CVSS 9.8
CVE-2020-26085 CRITICAL
Cisco Jabber < 12.1.4, < 12.8.5, < 12.9.4 - Information Disclosure
CVSS 9.9
CVE-2020-36178 CRITICAL
TP-Link TL-WR840N 6_EU_0.9.1_4.16 - OS Command Injection via IP Address Field
CVSS 9.8
CVE-2020-26294 HIGH
Vela compiler < 0.6.1 - Server Configuration Exposure via Sprig env Function
CVSS 7.4
CVE-2020-35851 HIGH
HGiga MailSherlock < 4.5-115 - OS Command Injection
CVSS 8.1
CVE-2020-19664 HIGH
DrayTek Vigor2960 Firmware < 1.5.1 - Remote Code Execution via mainfunction.cgi toLogin2FA Shell Metacharacters
CVSS 8.8
CVE-2020-17363 CRITICAL
USVN < 1.0.9 - Remote Code Execution via Timeline Module Parameters
CVSS 9.9