CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
6,026 vulnerabilities with CWE-78
CVE-2020-6760
CRITICAL
Schmid ZI 620 V400 VPN 090 - OS Command Injection via SSH Subcommand Menu
CVSS 9.8
CVE-2020-8515
CRITICAL
KEV
DrayTek Vigor2960/Vigor3900/Vigor300B Beta - Unauthenticated Remote Code Execution via mainfunction.cgi
CVSS 9.8
CVE-2020-1931
HIGH
Apache SpamAssassin < 3.4.3 - OS Command Injection via Configuration Files
CVSS 8.1
CVE-2020-1930
HIGH
Apache SpamAssassin < 3.4.3 - OS Command Injection via Rule Configuration Files
CVSS 8.1
CVE-2020-8438
HIGH
Ruckus ZoneFlex R500 - Command Injection
CVSS 7.2
CVE-2020-7247
CRITICAL
KEV
OpenSMTPD 6.6 - Remote Code Execution via MAIL FROM Field
CVSS 9.8
CVE-2020-7980
CRITICAL
Intellian Aptus Web 1.24 - OS Command Injection via Q Field in JSON Data
CVSS 9.8
CVE-2020-7596
HIGH
Codecov nodejs_uploader < 3.6.2 - Remote Code Execution via gcov-args Argument
CVSS 8.8
CVE-2020-7594
HIGH
MultiTech Conduit MTCDT-LVW2-24XX 1.4.17 OS Command Injection via Debug Ping
CVSS 7.2
CVE-2020-7244
HIGH
Comtech Stampede FX-1010 Firmware 7.4.3 - Authenticated Remote Code Execution via Poll Routes Router IP Address Field
CVSS 7.2
CVE-2020-7243
HIGH
Comtech Stampede FX-1010 Firmware 7.4.3 - Authenticated Remote Code Execution via Fetch URL Page
CVSS 7.2
CVE-2020-7242
HIGH
Comtech Stampede FX-1010 7.4.3 Authenticated RCE via Diagnostics Trace Route
CVSS 7.2
CVE-2020-7240
HIGH
Meinberg Lantime M300 and M1000 Firmware - Authenticated OS Command Injection via Extended Network Configuration Script
CVSS 8.8
CVE-2020-7237
HIGH
Cacti 1.2.8 - Authenticated Remote Code Execution via Performance Boost Debug Log Field
CVSS 8.8
CVE-2020-1609
HIGH
Junos OS - Remote Code Execution via Crafted IPv6 JDHCPD Relay Packets
CVSS 8.8
CVE-2020-1605
HIGH
Junos OS - Unauthenticated Remote Code Execution via Crafted IPv4 JDHCPD Relay Packets
CVSS 8.8
CVE-2020-1602
HIGH
Junos OS < 19.3R1 and Junos OS Evolved < 19.3R1 - Remote Code Execution via Crafted IPv4 JDHCPD Packets
CVSS 7.1
CVE-2020-5505
CRITICAL
Freelancy v1.0.0 - Command Injection
CVSS 9.8
CVE-2020-6948
CRITICAL
HashBrown CMS < 1.3.3 - Remote Code Execution via GitDeployer URL Parameter
CVSS 9.8
CVE-2020-6757
HIGH
Rasilient PixelStor 5000 Firmware K:4.0.1580-20150629 - Authenticated Remote Code Execution via name Parameter
CVSS 8.8
CVE-2020-6756
CRITICAL
Rasilient PixelStor 5000 K:4.0.1580-20150629 - Unauthenticated Remote Code Execution via lang Parameter
CVSS 9.8
CVE-2020-5179
HIGH
Comtech Stampede FX-1010 Firmware 7.4.3 - Authenticated OS Command Injection via Diagnostics Ping Target IP Field
CVSS 7.2
CVE-2019-25441
CRITICAL
thesystem 1.0 - Unauthenticated OS Command Injection via run_command Endpoint
CVSS 9.8
CVE-2019-25289
HIGH
SmartLiving SmartLAN <=6.x - Command Injection
CVSS 8.8
CVE-2019-25255
MEDIUM
VideoFlow DVP 2.10 - Authenticated RCE
CVSS 4.3