CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,017 vulnerabilities with CWE-78
CVE-2020-26217 HIGH
XStream < 1.4.14 - Remote Code Execution via Blocklist Bypass
CVSS 8.0
CVE-2020-8273 HIGH
Citrix SD-WAN <11.2.2-10.2.8 - Privilege Escalation
CVSS 8.8
CVE-2020-8270 HIGH
CVAD <2009-7.15 LTSR - Command Injection
CVSS 8.8
CVE-2020-2492 HIGH
QNAP QTS < 4.4.3.1421 - Remote Code Execution
CVSS 7.2
CVE-2020-2490 HIGH
QNAP QTS < 4.4.3.1421 - Remote Command Injection
CVSS 7.2
CVE-2020-24719 CRITICAL
Couchbase Server 6.5.1 - Remote Command Execution via Exposed Erlang Cookie
CVSS 9.8
CVE-2020-2000 HIGH
PAN-OS 8.1.0-8.1.15 - Authenticated OS Command Injection and Memory Corruption
CVSS 7.2
CVE-2020-17010 HIGH
Windows 10 and Windows Server 2016 - Elevation of Privilege via Win32k
CVSS 7.8
CVE-2020-28347 CRITICAL
TP-Link Archer A7 AC1750 Firmware < 201029 - Remote Code Execution via tdpServer slave_mac Parameter
CVSS 9.8
CVE-2020-3371 MEDIUM
Cisco Integrated Management Controller < 3.0(3e) - Authenticated OS Command Injection via Web UI
CVSS 6.3
CVE-2020-16846 CRITICAL KEV
SaltStack Salt REST API Arbitrary Command Execution
CVSS 9.8
CVE-2020-24849 HIGH
FruityWifi <= 2.4 - Authenticated Remote Code Execution via page_config_adv.php Shell Metacharacter Injection
CVSS 8.8
CVE-2020-25849 HIGH
Openfind MailGates and MailAudit - Authenticated OS Command Injection via CGI Parameter
CVSS 8.8
CVE-2020-27887 HIGH
eyesofnetwork 5.3-5.3-8 - Authenticated OS Command Injection via AutoDiscovery nmap_binary Parameter
CVSS 8.8
CVE-2020-27744 CRITICAL
Western Digital My Cloud Firmware < 5.04.114 - Remote Code Execution
CVSS 9.8
CVE-2020-16257 CRITICAL
Winston 1.5.4 - OS Command Injection via API
CVSS 9.8
CVE-2020-27976 CRITICAL
osCommerce Phoenix CE < 1.0.5.4 - OS Command Injection via Admin Mail From Parameter
CVSS 9.8
CVE-2020-27159 CRITICAL
Western Digital My Cloud <5.04.114 - RCE
CVSS 9.8
CVE-2020-27158 CRITICAL
Western Digital My Cloud <5.04.114 - RCE
CVSS 9.8
CVE-2020-25765 CRITICAL
Western Digital My Cloud Firmware < 5.04.114 - Remote Code Execution via reg_device.php Input Validation
CVSS 9.8
CVE-2020-26878 HIGH
Ruckus <1.5.1.0.21 - Command Injection
CVSS 8.8
CVE-2020-15272 HIGH
git-tag-annotation-action <1.0.1 - Command Injection
CVSS 8.7
CVE-2020-15271 CRITICAL
lookatme < 2.3.0 - OS Command Injection via Markdown Rendering
CVSS 9.3
CVE-2020-7752 HIGH
systeminformation < 4.27.11 - OS Command Injection via curl Parameter Concatenation
CVSS 8.8
CVE-2020-3459 HIGH
Cisco FXOS Software - Command Injection
CVSS 7.8