CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,020 vulnerabilities with CWE-78
CVE-2020-15271 CRITICAL
lookatme < 2.3.0 - OS Command Injection via Markdown Rendering
CVSS 9.3
CVE-2020-7752 HIGH
systeminformation < 4.27.11 - OS Command Injection via curl Parameter Concatenation
CVSS 8.8
CVE-2020-3459 HIGH
Cisco FXOS Software - Command Injection
CVSS 7.8
CVE-2020-3457 MEDIUM
Cisco FXOS Software - Command Injection
CVSS 6.7
CVE-2020-5791 HIGH
Nagios XI 5.6.0-5.7.3 - Mibs.php Authenticated Remote Code Execution
CVSS 7.2
CVE-2020-13778 HIGH
rconfig < 3.9.4 - Authenticated OS Command Injection via Template Handler
CVSS 8.8
CVE-2020-14144 HIGH
Gitea 1.1.0-1.12.5 - Authenticated Remote Code Execution via Git Hook Script Injection
CVSS 7.2
CVE-2020-25859 MEDIUM
Qualcomm QCMAP - OS Command Injection via SetGatewayUrl Request
CVSS 6.7
CVE-2020-6364 CRITICAL
SAP Solution Manager/Focused Run <10.7 - Code Injection
CVSS 10.0
CVE-2020-17406 HIGH
Microhard Bullet-LTE <1.2.0-r1112 - RCE
CVSS 8.8
CVE-2020-3602 MEDIUM
Cisco StarOS - Privilege Escalation
CVSS 6.3
CVE-2020-3601 MEDIUM
Cisco StarOS - Privilege Escalation
CVSS 4.4
CVE-2020-26582 HIGH
D-Link DAP-1360U <3.0.1 - Command Injection
CVSS 8.8
CVE-2020-14293 HIGH
Secudos DOMOS < 5.8 - Remote Code Execution via Zone Field Shell Metacharacters
CVSS 7.5
CVE-2020-12124 CRITICAL
WAVLINK WN530H4 M30H4.V5030.190403 - Unauthenticated Remote Command Execution via live_api.cgi Endpoint
CVSS 9.8
CVE-2020-7735 MEDIUM
ng-packagr < 10.1.1 - OS Command Injection via styleIncludePaths Option
CVSS 6.6
CVE-2020-25223 CRITICAL KEV
Sophos Unified Threat Management < 9.511 - Remote Code Execution via WebAdmin SID Parameter
CVSS 9.8
CVE-2020-3417 MEDIUM
Cisco IOS XE - Privilege Escalation
CVSS 6.8
CVE-2020-3403 HIGH
Cisco IOS XE - Privilege Escalation
CVSS 7.8
CVE-2020-24365 HIGH
Gemtek WRTM-127ACN/WRTM-127x9 - Command Injection
CVSS 8.8
CVE-2020-16148 HIGH
Telmat AccessLog < 6.0(TAL_20180415) - Authenticated Remote Code Execution via Ping Page
CVSS 7.2
CVE-2020-16147 CRITICAL
Telmat AccessLog <= 6.0(TAL_20180415) - Unauthenticated Remote Code Execution via Login Page
CVSS 9.8
CVE-2020-11699 HIGH
SpamTitan 7.07 - Authenticated Remote Code Execution via certs-x.php fname Parameter
CVSS 8.8
CVE-2020-2276 HIGH
Jenkins Selection tasks Plugin <1.0 - Command Injection
CVSS 8.8
CVE-2020-2261 HIGH
Jenkins Perfecto Plugin <1.17 - Command Injection
CVSS 8.8