CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,026 vulnerabilities with CWE-78
CVE-2019-25243 HIGH
FaceSentry 6.4.8 - Command Injection
CVSS 8.8
CVE-2019-25224 CRITICAL
WP Database Backup <5.2 - Command Injection
CVSS 9.8
CVE-2019-16639 CRITICAL
Ruijie EG-2000SE Firmware EG_RGOS 11.9 B11P1 - Unauthenticated OS Command Injection via newcli.php API
CVSS 9.8
CVE-2019-25158 MEDIUM
pedroetb tts-api <2.1.4 - Code Injection
CVSS 5.5
CVE-2019-25066 MEDIUM
ajenti <2.1.31 - Privilege Escalation
CVSS 6.3
CVE-2019-25065 MEDIUM
OpenNetAdmin 18.1.1 - Privilege Escalation
CVSS 6.3
CVE-2019-25022 CRITICAL
Scytl sVote 2.1 - OS Command Injection via Election Event Alias
CVSS 9.8
CVE-2019-25024 CRITICAL
OpenRepeater <2.2 - Command Injection
CVSS 9.8
CVE-2019-14479 HIGH
AdRem NetCrunch 10.6.0.4587 - Authenticated Remote Code Execution
CVSS 8.8
CVE-2019-7198 CRITICAL
QNAP QTS and QuTS hero - OS Command Injection
CVSS 9.8
CVE-2019-14904 HIGH
Ansible < 2.7.15 - OS Command Injection via Solaris Zone Name Parameter
CVSS 7.3
CVE-2019-15311 CRITICAL
Zolo Halo Linkplay Firmware - Unauthenticated Remote Code Execution via /httpapi.asp Endpoint
CVSS 9.8
CVE-2019-15310 CRITICAL
Linkplay - Unauthenticated Remote Code Execution via XML Parsing in Firmware Update
CVSS 9.8
CVE-2019-16213 HIGH
Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 - Command Injection
CVSS 8.8
CVE-2019-14894 HIGH
CloudForms Management Engine 5.10-5.11 - Authenticated Remote Code Execution via NFS Schedule Backup
CVSS 8.0
CVE-2019-20807 MEDIUM
vim < 8.1.0881 - OS Command Injection via Scripting Interfaces
CVSS 5.3
CVE-2019-19220 HIGH
BMC Control-M/Agent 7.0.00.000 - Command Injection
CVSS 8.8
CVE-2019-19217 HIGH
BMC Control-M/Agent 7.0.00.000 - Command Injection
CVSS 8.8
CVE-2019-5623 CRITICAL
Accellion File Transfer Appliance FTA_8_0_540 - OS Command Injection
CVSS 9.8
CVE-2019-19606 CRITICAL
X-Plane < 11.41 - Remote Command Execution via Crafted Network Packets
CVSS 9.8
CVE-2019-19034 HIGH
Zoho ManageEngine Asset Explorer 6.5 - Command Injection
CVSS 7.2
CVE-2019-12767 CRITICAL
D-Link DAP-1650 Firmware < 1.04b02_j65h - OS Command Injection
CVSS 9.8
CVE-2019-19148 CRITICAL
Tellabs Optical Line Terminal 1150 Firmware - Remote Code Execution via TELNET/SSH -l Option
CVSS 9.8
CVE-2019-19487 HIGH
Centreon <19.04.4 - Command Injection
CVSS 8.8
CVE-2019-16072 CRITICAL
NETSAS Enigma NMS <65.0.0 - Command Injection
CVSS 9.8