CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,020 vulnerabilities with CWE-78
CVE-2020-15608 CRITICAL
Webpanel - OS Command Injection
CVSS 9.8
CVE-2020-15607 CRITICAL
Webpanel - OS Command Injection
CVSS 9.8
CVE-2020-15606 CRITICAL
Webpanel - OS Command Injection
CVSS 9.8
CVE-2020-15435 CRITICAL
Webpanel - OS Command Injection
CVSS 9.8
CVE-2020-15434 CRITICAL
Webpanel - OS Command Injection
CVSS 9.8
CVE-2020-15433 CRITICAL
Webpanel - OS Command Injection
CVSS 9.8
CVE-2020-15432 CRITICAL
Webpanel - OS Command Injection
CVSS 9.8
CVE-2020-15431 CRITICAL
Webpanel - OS Command Injection
CVSS 9.8
CVE-2020-15430 CRITICAL
Webpanel - OS Command Injection
CVSS 9.8
CVE-2020-15429 CRITICAL
CentOS Web Panel cwp-e17.0.9.8.923 - Root Command Injection via ajax_crons user
CVSS 9.8
CVE-2020-15428 CRITICAL
CentOS Web Panel cwp-e17.0.9.8.923 - Root Command Injection via ajax_crons line
CVSS 9.8
CVE-2020-15427 CRITICAL
CentOS Web Panel cwp-e17.0.9.8.923 - Root Command Injection via disk_usage folderName
CVSS 9.8
CVE-2020-15426 CRITICAL
CentOS Web Panel cwp-e17.0.9.8.923 - Root Command Injection via migration serverip
CVSS 9.8
CVE-2020-15425 CRITICAL
CentOS Web Panel cwp-e17.0.9.8.923 - Root Command Injection via ajax_mod_security
CVSS 9.8
CVE-2020-15424 CRITICAL
CentOS Web Panel cwp-e17.0.9.8.923 - Root Command Injection via domain Parameter
CVSS 9.8
CVE-2020-15423 CRITICAL
CentOS Web Panel cwp-e17.0.9.8.923 - Root Command Injection via dominio Parameter
CVSS 9.8
CVE-2020-15422 CRITICAL
CentOS Web Panel cwp-e17.0.9.8.923 - Root Command Injection via archivo Parameter
CVSS 9.8
CVE-2020-15421 CRITICAL
CentOS Web Panel cwp-e17.0.9.8.923 - Root Command Injection via check_ip Parameter
CVSS 9.8
CVE-2020-15420 CRITICAL
CentOS Web Panel cwp-el7-0.9.8.891 - Root Command Injection via loader_ajax line
CVSS 9.8
CVE-2020-15778 HIGH
OpenSSH <= 8.3p1 - OS Command Injection via scp Destination Argument
CVSS 7.4
CVE-2020-15922 CRITICAL
Mida eFramework < 2.9.0 - Authenticated Remote Code Execution via OS Command Injection
CVSS 9.8
CVE-2020-15920 CRITICAL
Mida eFramework <= 2.9.0 - Unauthenticated Remote Code Execution via OS Command Injection
CVSS 9.8
CVE-2020-15631 HIGH
D-Link DAP-1860 Firmware < 1.04b01 - Authenticated OS Command Injection via HNAP SOAPAction Header
CVSS 8.0
CVE-2020-15477 CRITICAL
RaspberryTortoise < 2012-10-28 - Remote Code Execution via Unsanitized URI Parameter
CVSS 9.8
CVE-2020-15916 CRITICAL
Tenda AC15 AC1900 15.03.05.19 - OS Command Injection via lanIp Parameter
CVSS 9.8
Details
Vulnerabilities 6,020
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits