CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,020 vulnerabilities with CWE-78
CVE-2020-11733 MEDIUM
Spirent Avalanche and TestCenter <= 5.08 - Authenticated OS Command Injection via SSH Restricted Shell
CVSS 6.7
CVE-2020-12107 CRITICAL
VPNCrypt M10 2.6.5 - OS Command Injection via Web Portal Text Field
CVSS 9.8
CVE-2020-17505 HIGH
Artica proxy 4.30.000000 Auth Bypass service-cmds-peform Command Injection
CVSS 8.8
CVE-2020-17368 CRITICAL
Firejail <0.9.62 - Command Injection
CVSS 9.8
CVE-2020-13124 HIGH
SABnzbd 2.3.9-3.0.0Alpha2 - Command Injection
CVSS 8.8
CVE-2020-14324 CRITICAL
Red Hat CloudForms < 5.11.7.0 - Authenticated OS Command Injection via Infrastructure Migration Solution
CVSS 9.1
CVE-2020-17352 HIGH
Sophos XG Firewall <2020-08-05 - Command Injection
CVSS 8.8
CVE-2020-11852 HIGH
Micro Focus Secure Messaging Gateway < 2020-07-01 - Authenticated OS Command Injection via DKIM Key Management Page
CVSS 8.8
CVE-2020-7361 CRITICAL
EasyCorp ZenTao Pro < 8.8.2 - Authenticated OS Command Injection via Repo Create Path Parameter
CVSS 9.6
CVE-2020-7357 CRITICAL
Cayin CMS - Authenticated OS Command Injection via NTP_Server_IP Parameter
CVSS 9.6
CVE-2020-13404 HIGH
Atos-Sips <3.0.5 - Command Injection
CVSS 8.8
CVE-2020-13151 CRITICAL
Aerospike Database UDF Lua Code Execution
CVSS 9.8
CVE-2020-15467 HIGH
vns3 < 4.11.1 - Authenticated Remote Code Execution
CVSS 8.8
CVE-2020-3377 MEDIUM
Cisco Data Center Network Manager - Authenticated OS Command Injection via Device Manager Input Field
CVSS 6.3
CVE-2020-14162 HIGH
Pi-Hole < 5.1 - OS Command Injection via setdns Command
CVSS 7.8
CVE-2020-12620 HIGH
Pi-hole < 5.0 - OS Command Injection via dns-servers.conf
CVSS 7.8
CVE-2020-5760 HIGH
Grandstream HT800 <1.0.17.5 - Command Injection
CVSS 7.8
CVE-2020-7698 HIGH
gerapy < 0.9.3 - OS Command Injection via project_configure Endpoint
CVSS 8.1
CVE-2020-15615 CRITICAL
Webpanel - OS Command Injection
CVSS 9.8
CVE-2020-15614 CRITICAL
Webpanel - OS Command Injection
CVSS 9.8
CVE-2020-15613 CRITICAL
Webpanel - OS Command Injection
CVSS 9.8
CVE-2020-15612 CRITICAL
Webpanel - OS Command Injection
CVSS 9.8
CVE-2020-15611 CRITICAL
Webpanel - OS Command Injection
CVSS 9.8
CVE-2020-15610 CRITICAL
Webpanel - OS Command Injection
CVSS 9.8
CVE-2020-15609 CRITICAL
CentOS Web Panel cwp-e17.0.9.8.923 - Unauthenticated Remote Code Execution via ajax_dashboard.php service_stop Parameter
CVSS 9.8