CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,022 vulnerabilities with CWE-78
CVE-2020-11766 HIGH
AvantFAX 3.3.0-3.3.5 & HylaFAX Enterprise 0.2.0-0.2.4 - OS Command Injection via sendfax.php
CVSS 8.8
CVE-2020-2014 HIGH
PAN-OS 7.1.0-7.1.25 - Authenticated OS Command Injection
CVSS 8.8
CVE-2020-2010 HIGH
PAN-OS 7.1.0-7.1.25 - Authenticated OS Command Injection
CVSS 7.2
CVE-2020-2008 HIGH
PAN-OS 7.1.0-7.1.25 and 8.0 - Authenticated OS Command Injection and Arbitrary File Deletion
CVSS 7.2
CVE-2020-2007 HIGH
PAN-OS 7.1.0-7.1.25 - Authenticated OS Command Injection
CVSS 7.2
CVE-2020-10795 HIGH
Gira TKS-IP-Gateway 4.0.7.7 - Authenticated RCE
CVSS 7.2
CVE-2020-4428 CRITICAL KEV
IBM Data Risk Manager 2.0.1-2.0.4 - Authenticated OS Command Injection
CVSS 9.1
CVE-2020-7805 CRITICAL
KT Slim egg IML500 and IML520 Firmware < 29.8.2018 - OS Command Injection
CVSS 9.8
CVE-2020-7646 CRITICAL
curlrequest < 1.0.1 - Arbitrary File Read via File Parameter
CVSS 9.8
CVE-2020-6651 HIGH
Eaton Intelligent Power Manager < 1.67 - OS Command Injection via Configuration File Import
CVSS 8.8
CVE-2020-5332 HIGH
RSA Archer < 6.7.0.3 - Authenticated OS Command Injection
CVSS 7.2
CVE-2020-12109 HIGH
TP-Link NC200/NC210/NC220/NC230/NC250/NC260/NC450 Firmware - OS Command Injection via Bonjour Service
CVSS 8.8
CVE-2020-12641 CRITICAL KEV
Roundcube Webmail < 1.4.4 - Remote Code Execution via Shell Metacharacters in Image Configuration
CVSS 9.8
CVE-2020-12111 HIGH
TP-Link NC260 1.5.2 and NC450 1.5.3 - OS Command Injection
CVSS 8.8
CVE-2020-7645 CRITICAL
chrome-launcher < 0.13.2 - OS Command Injection via $HOME Environment Variable
CVSS 9.8
CVE-2020-7351 HIGH
Fonality Trixbox Community Edition 1.2.0-2.8.0.4 - OS Command Injection via endpoint_devicemap.php
CVSS 7.3
CVE-2020-11016 CRITICAL
IntelMQ Manager 1.1.0-2.1.1 - Authenticated OS Command Injection via Inspect-tool Send Functionality
CVSS 9.1
CVE-2020-7804 MEDIUM
Handy Groupware 1.7.3.1 - Command Injection
CVSS 6.4
CVE-2020-12246 HIGH
Beeline Smart Box Firmware 2.0.38 - OS Command Injection via Diagnostics Parameters
CVSS 8.8
CVE-2020-12078 HIGH
Open-AudIT 3.3.1 - OS Command Injection via Discovery Settings Exclude IP Parameter
CVSS 8.8
CVE-2020-7640 CRITICAL
pixl-class < 1.0.3 - OS Command Injection via Unsanitized Members Argument
CVSS 9.8
CVE-2020-11941 HIGH
Open-AudIT 3.2.2 - OS Command Injection in Discovery
CVSS 8.8
CVE-2020-12242 HIGH
Valve Source - Local Privilege Escalation via /tmp/hl2_relaunch File Execution
CVSS 7.8
CVE-2020-5868 CRITICAL
F5 BIG-IQ Centralized Management 6.0.0-7.0.0 - Remote Code Execution via HTTP Requests
CVSS 9.8
CVE-2020-8797 MEDIUM
Juplink RX4-1500 v1.0.3 - Command Injection
CVSS 6.7