CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,022 vulnerabilities with CWE-78
CVE-2020-7621
CRITICAL
IBM StrongLoop Nginx Controller < 1.0.2 - OS Command Injection via _nginxCmd Function
CVSS 9.8
CVE-2020-7620
CRITICAL
pomelo-monitor <= 0.3.7 - OS Command Injection via ProcessMonitor Params
CVSS 9.8
CVE-2020-7619
CRITICAL
get-git-data < 1.3.1 - OS Command Injection via Argument Injection
CVSS 9.8
CVE-2020-11490
HIGH
zen_load_balancer 3.10.1 - Authenticated OS Command Injection via Certificate Parameters
CVSS 7.2
CVE-2020-4242
HIGH
IBM Spectrum Scale and Spectrum Protect Plus 10.1.0-10.1.5 - Authenticated Remote Code Execution
CVSS 8.8
CVE-2020-4241
HIGH
IBM Spectrum Scale and Spectrum Protect Plus 10.1.0-10.1.5 - Authenticated Remote Code Execution
CVSS 8.8
CVE-2020-4206
HIGH
IBM Spectrum Protect Plus 10.1.0-10.1.5 - Remote Code Execution via Improper Input Validation
CVSS 8.8
CVE-2020-10886
CRITICAL
TP-Link Archer A7 Firmware <190726 - RCE
CVSS 9.8
CVE-2020-10882
HIGH
TP-Link Archer A7 Firmware Ver: 190726 AC1750 - RCE
CVSS 8.8
CVE-2020-5282
HIGH
nick_chan_bot < 1.0.0-beta - OS Command Injection via npm Command
CVSS 7.2
CVE-2020-10789
CRITICAL
openITCOCKPIT <3.7.3 - Command Injection
CVSS 9.8
CVE-2020-5561
CRITICAL
Keijiban Tsumiki 1.15 - OS Command Injection
CVSS 9.8
CVE-2020-5560
CRITICAL
WL-Enq <1.11,1.12 - Command Injection
CVSS 9.8
CVE-2020-5556
CRITICAL
Shihonkanri Plus GOOUT <2.2.10 - RCE
CVSS 9.8
CVE-2020-10879
CRITICAL
rconfig < 3.9.5 - OS Command Injection via nodeId Parameter
CVSS 9.8
CVE-2020-10818
HIGH
Artica Proxy 4.26 - Command Injection
CVSS 7.2
CVE-2020-10808
HIGH
VestaCP <0.9.8-26 - Command Injection
CVSS 8.8
CVE-2020-3266
HIGH
Cisco SD-WAN Solution - Command Injection
CVSS 7.8
CVE-2020-10674
CRITICAL
PerlSpeak <2.01 - Command Injection
CVSS 9.8
CVE-2020-7607
CRITICAL
gulp-styledocco < 0.0.3 - OS Command Injection via Options Argument
CVSS 9.8
CVE-2020-7606
CRITICAL
docker-compose-remote-api <= 0.1.4 - OS Command Injection via Service Name Parameter
CVSS 9.8
CVE-2020-7605
CRITICAL
gulp-tape < 1.0.0 - OS Command Injection via Options Parameter
CVSS 9.8
CVE-2020-7604
CRITICAL
pulverizr < 0.7.0 - OS Command Injection via Unsanitized Filename in lib/job.js
CVSS 9.8
CVE-2020-7603
CRITICAL
closure-compiler-stream < 0.1.15 - OS Command Injection via Unsanitized Options Argument
CVSS 9.8
CVE-2020-7602
CRITICAL
node-prompt-here <= 1.0.1 - OS Command Injection via getDevices Function
CVSS 9.8
Details
Vulnerabilities: 6,022
Exploit Likelihood: High