CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2020-20184 CRITICAL
GateOne - OS Command Injection via SSH Port Field
CVSS 9.8
CVE-2020-5636 MEDIUM
Aterm SA3500G <3.5.9 - Command Injection
CVSS 6.8
CVE-2020-5635 HIGH
Aterm SA3500G <Ver. 3.5.9 - Command Injection
CVSS 8.8
CVE-2020-28440 CRITICAL
corenlp-js-interface - OS Command Injection via Main Function
CVSS 9.8
CVE-2020-28439 CRITICAL
corenlp-js-prefab - OS Command Injection via corenlp-js-interface Dependency
CVSS 9.8
CVE-2020-15357 CRITICAL
Askey AP5100W_Dual_SIG_1.01.097 - RCE
CVSS 9.8
CVE-2020-12149 MEDIUM
Aruba EdgeConnect Enterprise 8.1-8.1.9.14 - Authenticated OS Command Injection via Configuration Backup Filename
CVSS 6.8
CVE-2020-12148 MEDIUM
Aruba EdgeConnect Enterprise < 8.1.9.15 - Authenticated OS Command Injection via nslookup API
CVSS 6.8
CVE-2020-7789 MEDIUM
node-notifier <9.0.0 - Command Injection
CVSS 5.6
CVE-2020-29311 CRITICAL
ubilling 1.0.9 - Remote Command Execution via Config File Injection
CVSS 9.8
CVE-2020-19527 CRITICAL
iCMS 7.0.14 - OS Command Injection via DB_NAME Parameter
CVSS 9.8
CVE-2020-19142 CRITICAL
iCMS 7 - OS Command Injection via DB_PREFIX Parameter
CVSS 9.8
CVE-2020-25499 HIGH
TOTOLINK A3002RU-V2 < 2.1.1-b20200911.1756 - Authenticated OS Command Injection via Run Command
CVSS 8.8
CVE-2020-26838 CRITICAL
SAP Business Warehouse/SAP BW4HANA - Code Injection
CVSS 9.1
CVE-2020-29390 CRITICAL
Zeroshell 3.9.3 - Command Injection
CVSS 9.8
CVE-2020-29381 CRITICAL
V-SOL V1600D, V1600D4L, V1600D-MINI, V1600G1, and V1600G2 Firmware - OS Command Injection via TFTP Upload Filename
CVSS 9.8
CVE-2020-26245 HIGH
systeminformation <4.30.5 - Command Injection
CVSS 8.1
CVE-2020-7778 HIGH
Package Systeminformation <4.30.2 - Code Injection
CVSS 7.3
CVE-2020-29056 CRITICAL
Cdatatec 72408a Firmware - OS Command Injection
CVSS 9.8
CVE-2020-4006 CRITICAL KEV
VMware Identity Manager and Connector - OS Command Injection
CVSS 9.1
CVE-2020-3586 CRITICAL
Cisco DNA Spaces Connector < 2.2 - Unauthenticated Remote Code Execution via Web Management Interface
CVSS 9.4
CVE-2020-28581 HIGH
Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 - Authenticated OS Command Injection via ModifyVLANItem
CVSS 7.2
CVE-2020-28580 HIGH
Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 - Authenticated OS Command Injection via AddVLANItem
CVSS 7.2
CVE-2020-3367 HIGH
Cisco AsyncOS < 11.7.2-011 - Authenticated OS Command Injection via Log Subscription Subsystem
CVSS 7.8
CVE-2020-24297 HIGH
httpd on TP-Link TL-WPA4220 <4 - Command Injection
CVSS 8.8