CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,034 vulnerabilities with CWE-78
CVE-2019-17364 CRITICAL
Petalk AI and Petwant PF-103 Firmware - Remote Code Execution via processCommandUploadLog()
CVSS 9.8
CVE-2019-16737 CRITICAL
Petwant PF-103 <4.22.2.42, Petalk AI <3.2.2.30 - Command Injection
CVSS 9.8
CVE-2019-16733 CRITICAL
Petalk AI 3.2.2.30 and Petwant PF-103 4.22.2.42 - Remote Code Execution via processCommandSetUid
CVSS 9.8
CVE-2019-16730 CRITICAL
Petalk AI Firmware 3.2.2.30 - Remote Code Execution via processCommandUpgrade()
CVSS 9.8
CVE-2019-3989 CRITICAL
Blink XT2 Sync Module Firmware < 2.13.11 - Remote Code Execution via Network Configuration Retrieval
CVSS 9.8
CVE-2019-3988 HIGH
Blink XT2 Sync Module Firmware < 2.13.11 - Remote Code Execution via BSSID Parameter
CVSS 8.8
CVE-2019-3987 HIGH
Blink XT2 Sync Module Firmware < 2.13.11 - Remote Code Execution via WiFi Configuration Key Parameter
CVSS 8.8
CVE-2019-3986 HIGH
Blink XT2 Sync Module Firmware < 2.13.11 - Remote Code Execution via WiFi Configuration Encryption Parameter
CVSS 8.8
CVE-2019-3985 HIGH
Blink XT2 Sync Module Firmware < 2.13.11 - Remote Code Execution via SSID Parameter
CVSS 8.8
CVE-2019-4715 HIGH
IBM Spectrum Scale <5.1 - Command Injection
CVSS 8.8
CVE-2019-19604 HIGH
Git <2.20.2-2.24.1 - Command Injection
CVSS 7.8
CVE-2019-14889 HIGH
libssh < 0.9.3 and < 0.8.8 - OS Command Injection via SCP Path Parameter
CVSS 8.8
CVE-2019-17270 CRITICAL
Yachtcontrol < 2019-10-06 - Unauthenticated OS Command Injection via systemcall.php Command Parameter
CVSS 9.8
CVE-2019-19642 HIGH
SuperMicro X8STi-F - Command Injection
CVSS 8.8
CVE-2019-19609 HIGH
Strapi < 3.0.0-beta.17.8 - Remote Code Execution via Plugin Install/Uninstall
CVSS 7.2
CVE-2019-19469 HIGH
Zmanda Management Console <3.3.9 - CSRF
CVSS 8.8
CVE-2019-18184 CRITICAL
Crestron DMC-STRO 1.0 - Remote Command Execution via Ping Function
CVSS 9.8
CVE-2019-15298 HIGH
Centreon Web 2.8.1-2.8.29 - Authenticated OS Command Injection via MIB Upload mnftr Parameter
CVSS 8.8
CVE-2019-16242 MEDIUM
TCL Alcatel Cingular Flip 2 B9HUAH1 - Command Injection
CVSS 6.8
CVE-2019-12489 CRITICAL
Fastweb Askey RTV1907VW Firmware 0.00.81_FW_200_Askey - OS Command Injection via USB Remove Service Mount Parameter
CVSS 9.8
CVE-2019-15997 MEDIUM
Cisco DNA Spaces: Connector - Command Injection
CVSS 6.7
CVE-2019-15996 MEDIUM
Cisco DNA Spaces: Connector - Privilege Escalation
CVSS 6.7
CVE-2019-15986 MEDIUM
Cisco Unity Express - Command Injection
CVSS 6.7
CVE-2019-18910 MEDIUM
Citrix Receiver - Command Injection
CVSS 6.8
CVE-2019-18909 HIGH
HP ThinPro - OS Command Injection
CVSS 8.0