CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,020 vulnerabilities with CWE-78
CVE-2020-24552
MEDIUM
Atop Technology industrial - Command Injection
CVSS 5.5
CVE-2020-24916
CRITICAL
Yaws 1.81-2.0.7 - OS Command Injection via CGI Implementation
CVSS 9.8
CVE-2020-2038
HIGH
Palo Alto Networks Authenticated Remote Code Execution
CVSS 7.2
CVE-2020-2037
HIGH
PAN-OS 8.1.0-8.1.15 - Authenticated OS Command Injection
CVSS 7.2
CVE-2020-14342
MEDIUM
cifs-utils 5.6-6.10 - OS Command Injection via Samba Password Request
CVSS 4.4
CVE-2020-7730
CRITICAL
bestzip < 2.1.7 - OS Command Injection via Options Parameter
CVSS 9.8
CVE-2020-3430
HIGH
Cisco Jabber 12.1-12.1.2 - Unauthenticated Remote Code Execution via Application Protocol Handler
CVSS 8.8
CVE-2020-13802
CRITICAL
rebar3 3.0.0-beta.3-3.13.2 - OS Command Injection via Dependency URL Parameter
CVSS 9.8
CVE-2020-24354
HIGH
Zyxel VMG5313-B30B - Shell Injection
CVSS 8.8
CVE-2020-7712
HIGH
json < 10.0.0 - OS Command Injection via parseLookup Function
CVSS 7.2
CVE-2020-3454
HIGH
Cisco NX-OS Software - Command Injection
CVSS 7.2
CVE-2020-15642
HIGH
Marvell QConvergeConsole < 5.5.00.73 - Remote Code Execution via GWTTestServiceImpl isHPSmartComponent
CVSS 8.8
CVE-2020-17384
HIGH
Cellopoint CelloOS <4.1.10 - Command Injection
CVSS 7.2
CVE-2020-24572
HIGH
RaspAP 2.5 - Authenticated OS Command Injection via Web Console
CVSS 8.8
CVE-2020-24057
HIGH
Verint S5120FD Firmware - Authenticated OS Command Injection via ipfilter.cgi Endpoint
CVSS 8.8
CVE-2020-24054
CRITICAL
Moog EXO Series - Command Injection
CVSS 9.8
CVE-2020-16282
HIGH
RangeeOS 8.0.4 - OS Command Injection
CVSS 8.8
CVE-2020-16279
CRITICAL
RangeeOS 8.0.4 - Remote Code Execution via Kommbox Component
CVSS 9.8
CVE-2020-17456
CRITICAL
SEOWON INTECH SLC-130, SLR-120S - RCE
CVSS 9.8
CVE-2020-24032
CRITICAL
LPAR2RRD/STOR2RRD 2.70 - Command Injection
CVSS 9.8
CVE-2020-23934
HIGH
RiteCMS 2.2.1 - Authenticated OS Command Execution via Filemanager PHP Upload
CVSS 8.8
CVE-2020-24220
HIGH
ShopXO 1.8.1 - OS Command Injection
CVSS 8.8
CVE-2020-8233
HIGH
EdgeSwitch <v1.9.0 - Command Injection
CVSS 8.8
CVE-2020-13122
HIGH
NoviFlow NoviWare <NW500.2.12 - Command Injection
CVSS 8.8
CVE-2020-16205
HIGH
Geutebruck G-Cam and G-Code Firmware <= 1.12.0.25 - Authenticated Remote Command Execution via Crafted URL
CVSS 7.2
Details
Vulnerabilities: 6,020
Exploit Likelihood: High