CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,022 vulnerabilities with CWE-78
CVE-2020-13851 HIGH
Pandora FMS Events Remote Command Execution
CVSS 8.8
CVE-2020-2029 HIGH
PAN-OS 7.1.0-7.1.25 - Authenticated OS Command Injection via Certificate Generation Request
CVSS 7.2
CVE-2020-2028 HIGH
PAN-OS 7.1.0-7.1.25 and 8.0 - Authenticated OS Command Injection via Certificate Upload in FIPS-CC Mode
CVSS 7.2
CVE-2020-13978 HIGH
Monstra CMS 3.0.4 - Authenticated OS Command Injection via Theme Module Chunk Edit
CVSS 7.2
CVE-2020-13976 HIGH
DD-WRT < 16214 - Authenticated OS Command Injection via Diagnostic Ping Host Field
CVSS 8.8
CVE-2020-3224 HIGH
Cisco IOS XE - Privilege Escalation
CVSS 8.8
CVE-2020-3212 HIGH
Cisco IOS XE - Authenticated Remote Code Execution via Web UI File Upload
CVSS 7.2
CVE-2020-3211 HIGH
Cisco IOS XE - Privilege Escalation
CVSS 7.2
CVE-2020-3210 MEDIUM
Cisco IOS - Authenticated OS Command Injection via VDS CLI Command Arguments
CVSS 6.7
CVE-2020-3207 MEDIUM
Cisco IOS XE - Authenticated OS Command Injection via Boot Options Processing
CVSS 6.7
CVE-2020-3205 HIGH
Cisco IOS for Industrial ISRs and CGR1000 - Unauthenticated OS Command Injection via Inter-VM Channel
CVSS 8.8
CVE-2020-13782 HIGH
D-Link DIR-865L Ax 1.20B01 Beta - OS Command Injection
CVSS 8.8
CVE-2020-4180 HIGH
IBM Security Guardium 11.1 - Authenticated OS Command Injection
CVSS 8.8
CVE-2020-2200 HIGH
Jenkins Play Framework Plugin <1.0.2 - Command Injection
CVSS 8.8
CVE-2020-13694 HIGH
QuickBox Community <2.5.5 & Pro <2.1.8 - Authenticated RCE via MySQL Injection
CVSS 8.8
CVE-2020-13448 HIGH
QuickBox <2.5.5-2.1.8 - Command Injection
CVSS 8.8
CVE-2020-8816 HIGH KEV
Pi-hole < 4.3.2 - Authenticated Remote Code Execution via DHCP Static Lease
CVSS 7.2
CVE-2020-11950 HIGH
VIVOTEK Network Cameras < 0222g - Authenticated OS Command Injection via Script Upload
CVSS 8.8
CVE-2020-8605 HIGH
Trend Micro InterScan Web Security Virtual Appliance 6.5 - RCE
CVSS 8.8
CVE-2020-12393 HIGH
Firefox ESR < 68.8 - Command Injection
CVSS 7.8
CVE-2020-8171 CRITICAL
AirMax AirOS <6.3.0 - Command Injection
CVSS 9.8
CVE-2020-13388 CRITICAL
jw.util < 2.3 - OS Command Injection via YAML Configuration Loading
CVSS 9.8
CVE-2020-1956 HIGH KEV
Apache Kylin 2.3.0-2.6.5 and 3.0.1 - OS Command Injection via RESTful API
CVSS 8.8
CVE-2020-13252 HIGH
Centreon <19.04.15 - Command Injection
CVSS 8.8
CVE-2020-13167 CRITICAL
Netsweeper < 6.4.3 - Unauthenticated Remote Code Execution via webadmin/tools/unixlogin.php
CVSS 9.8