CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,026 vulnerabilities with CWE-78
CVE-2019-12132 CRITICAL
ONAP SDNC < 4.0.0 - Unauthenticated OS Command Injection via sla/dgUpload Filename Parameter
CVSS 9.8
CVE-2019-12123 HIGH
ONAP SDNC <Dublin - Command Injection
CVSS 8.8
CVE-2019-12113 HIGH
ONAP SDNC <Dublin - Command Injection
CVSS 8.8
CVE-2019-12112 CRITICAL
ONAP SDNC <Dublin - Command Injection
CVSS 9.8
CVE-2019-11689 HIGH
ASUSTOR exFAT Driver <1.0.0.r20 - Code Injection
CVSS 8.1
CVE-2019-19940 HIGH
Swisscom Centro Grande Firmware < 6.14.06 - Authenticated OS Command Injection via Text Interface
CVSS 7.2
CVE-2019-15708 MEDIUM
FortiAP < 6.0.5 and FortiAP-U < 6.0.0 - Authenticated OS Command Injection via ifconfig Command
CVSS 6.7
CVE-2019-11355 HIGH
Poly HDX 3.1.13 - Command Injection
CVSS 7.2
CVE-2019-5171 HIGH
WAGO PFC 200 Firmware <03.02.02(14) - Command Injection
CVSS 7.8
CVE-2019-5170 HIGH
WAGO PFC 200 Firmware <03.02.02(14) - Command Injection
CVSS 7.8
CVE-2019-5169 HIGH
WAGO PFC 200 Firmware <03.02.02(14) - Command Injection
CVSS 7.8
CVE-2019-5175 HIGH
WAGO PFC 200 Firmware <03.02.02(14) - Command Injection
CVSS 7.8
CVE-2019-5174 HIGH
WAGO PFC 200 <03.02.02(14) - Command Injection
CVSS 7.8
CVE-2019-5173 HIGH
WAGO PFC 200 Firmware <03.02.02(14) - Command Injection
CVSS 7.8
CVE-2019-5172 HIGH
WAGO PFC 200 Firmware <03.02.02(14) - Command Injection
CVSS 7.8
CVE-2019-5168 HIGH
WAGO PFC 200 <03.02.02(14) - Command Injection
CVSS 7.8
CVE-2019-5167 HIGH
WAGO PFC 200 <03.02.02(14) - Command Injection
CVSS 7.8
CVE-2019-5157 HIGH
WAGO PFC200 <3.02.02-3.00.39 - Command Injection
CVSS 7.2
CVE-2019-5156 HIGH
WAGO PFC200 <3.02.02-3.00.39 - Command Injection
CVSS 7.2
CVE-2019-5155 HIGH
WAGO PFC200 Firmware 03.00.39(12)-03.02.02(14) - OS Command Injection via Firmware Update Parameters
CVSS 7.2
CVE-2019-10807 CRITICAL
blamer < 1.0.1 - OS Command Injection via Argument Injection
CVSS 9.8
CVE-2019-9859 HIGH
Vesta Control Panel <0.9.8-23 - Command Injection
CVSS 8.8
CVE-2019-20504 CRITICAL
Quest KACE Systems Management < 6.4.120822 - Remote Code Execution via kuid Parameter
CVSS 9.8
CVE-2019-17642 HIGH
Centreon 18.0.0-18.10.8 - Unauthenticated Remote Code Execution via Autodiscovery Plugin CSRF
CVSS 8.8
CVE-2019-20501 HIGH
D-Link DWL-2600AP < 4.2.0.15 - Authenticated OS Command Injection via Firmware Upgrade Parameters
CVSS 7.8
Details
Vulnerabilities 6,026
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits