CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,022 vulnerabilities with CWE-78
CVE-2020-2030 HIGH
PAN-OS 7.1.0-7.1.25 and 8.0.x-8.1.14 - Authenticated OS Command Injection
CVSS 7.2
CVE-2020-5352 HIGH
Dell EMC Data Protection Advisor 6.4, 6.5, 18.1 - Authenticated OS Command Injection
CVSS 8.8
CVE-2020-8188 HIGH
Unifi Cloud Key Gen2 Plus/UNVR - Privilege Escalation
CVSS 8.8
CVE-2020-15489 CRITICAL
Wavlink WL-WN530HG4 M30HG4.V5030.191116 - Remote Code Execution via CGI Script Shell Metacharacter Injection
CVSS 9.8
CVE-2020-7688 HIGH
mversion < 2.0.1 - OS Command Injection via TagName Parameter
CVSS 8.4
CVE-2020-13619 CRITICAL
locutus_php < 2.0.11 - OS Command Injection via escapeshellarg
CVSS 9.8
CVE-2020-14947 HIGH
OCS Inventory NG 2.7 - Remote Code Execution via Shell Metacharacters in SNMP MIB File Handling
CVSS 8.8
CVE-2020-15415 CRITICAL KEV
DrayTek Vigor3900/Vigor2960/Vigor300B < 1.5.1 - RCE
CVSS 9.8
CVE-2020-15362 CRITICAL
thingsSDK WiFi Scanner 1.0.1 - Code Injection
CVSS 9.8
CVE-2020-14414 HIGH
NeDi 1.9C - Remote Command Execution via pwsec.php pw Parameter
CVSS 8.8
CVE-2020-14412 HIGH
NeDi 1.9C - Remote Command Execution via System-Snapshot.php psw Parameter
CVSS 8.8
CVE-2020-14072 CRITICAL
MK-AUTH 19.01 - OS Command Injection via Admin Script Shell Metacharacters
CVSS 9.8
CVE-2020-13159 CRITICAL
Artica Proxy < 4.30.000000 - Command Injection
CVSS 9.8
CVE-2020-4066 LOW
limdu < 0.9.5 - OS Command Injection via trainBatch Function
CVSS 3.8
CVE-2020-14950 HIGH
aaPanel < 6.6.6 - Authenticated OS Command Injection via Software Store ServiceAdmin Request
CVSS 8.8
CVE-2020-3336 HIGH
Cisco TelePresence Collaboration Endpoint Software - DoS
CVSS 7.2
CVE-2020-3279 HIGH
Cisco Small Business - Command Injection
CVSS 7.2
CVE-2020-3278 HIGH
Cisco Small Business - Command Injection
CVSS 7.2
CVE-2020-3277 HIGH
Cisco Small Business - Command Injection
CVSS 7.2
CVE-2020-3276 HIGH
Cisco Small Business - Command Injection
CVSS 7.2
CVE-2020-3275 HIGH
Cisco Small Business - Command Injection
CVSS 7.2
CVE-2020-3274 HIGH
Cisco Small Business - Command Injection
CVSS 7.2
CVE-2020-4469 CRITICAL
IBM Spectrum Protect Plus 10.1.0-10.1.5 - Remote Code Execution via Crafted HTTP Command
CVSS 9.8
CVE-2020-14081 HIGH
TRENDnet TEW-827DRU Firmware < 2.06b04 - Authenticated OS Command Injection via apply.cgi send_log_email
CVSS 8.8
CVE-2020-14075 HIGH
TRENDnet TEW-827DRU Firmware < 2.06b04 - Authenticated OS Command Injection via apply.cgi
CVSS 8.8