CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,034 vulnerabilities with CWE-78
CVE-2019-5072 HIGH
Tenda AC9 Router AC1200 - Command Injection
CVSS 7.8
CVE-2019-5071 HIGH
Tenda AC9 Router AC1200 - Command Injection
CVSS 7.8
CVE-2019-17650 HIGH
FortiClient < 6.2.1 - Local Privilege Escalation via Root Process Command Injection
CVSS 7.8
CVE-2019-18934 HIGH
Unbound 1.6.4-1.9.4 - Remote Code Execution via IPsec Module
CVSS 7.3
CVE-2019-19117 HIGH
PHICOMM K2(PSG1218) V22.5.9.163 - Command Injection
CVSS 8.8
CVE-2019-19041 HIGH
Xorux Lpar2RRD 6.11-Stor2RRD 2.61 - Code Injection
CVSS 7.2
CVE-2019-15800 CRITICAL
Zyxel GS1900 Firmware < 2.50 - OS Command Injection via libclicmd.so Functions
CVSS 9.8
CVE-2019-15351 HIGH
Tecno Camon H622 - Unauthenticated OS Command Injection via com.lovelyfont.manager.FontCoverService
CVSS 7.8
CVE-2019-15348 HIGH
TECNO Camon H612 - Unauthenticated OS Command Injection via com.lovelyfont.manager.FontCoverService
CVSS 7.8
CVE-2019-15347 HIGH
Tecno Camon iClick 2 Firmware - Unauthenticated OS Command Injection via com.lovelyfont.defcontainer FontCoverService
CVSS 7.8
CVE-2019-15343 HIGH
Tecno Camon iClick Firmware - Unauthenticated OS Command Injection via com.lovelyfont.defcontainer FontCoverService
CVSS 7.8
CVE-2019-15342 HIGH
Tecno Camon iAir 2 Plus Firmware - Unauthenticated OS Command Injection via FontCoverService Logcat Message
CVSS 7.8
CVE-2019-5029 CRITICAL
Exhibitor Web UI <1.7.1 - Command Injection
CVSS 9.8
CVE-2019-18839 CRITICAL
FUDForum 3.0.9 - Stored Cross-Site Scripting and Remote Code Execution via nlogin Parameter
CVSS 9.0
CVE-2019-18873 CRITICAL
FUDForum 3.0.9 - Stored Cross-Site Scripting and Remote Code Execution via User-Agent Header
CVSS 9.0
CVE-2019-8159 HIGH
Magento 2.2-2.2.9 and 2.3-2.3.2 - Authenticated Remote Code Execution via Arbitrary File Deletion
CVSS 8.8
CVE-2019-15588 HIGH
Nexus Repository Manager <= 2.14.14 - OS Command Injection via CommandLineExecutor.java
CVSS 7.2
CVE-2019-18396 HIGH
Technicolor TD5130v2 Firmware - OS Command Injection via Ping Module pingAddr Parameter
CVSS 7.2
CVE-2019-15710 HIGH
FortiExtender < 4.1.1 - Authenticated OS Command Injection via CLI Execute Date Command
CVSS 7.2
CVE-2019-18424 MEDIUM
Xen < 4.12.1 - Privilege Escalation via DMA in PCI Passthrough
CVSS 6.8
CVE-2019-14931 CRITICAL
Mitsubishielectric Smartrtu Firmware < 2.02 - OS Command Injection
CVSS 9.8
CVE-2019-16663 HIGH
rconfig 3.9.2 - OS Command Injection via catCommand Parameter
CVSS 8.8
CVE-2019-16662 CRITICAL
rconfig 3.9.2 - OS Command Injection via ajaxServerSettingsChk.php rootUname Parameter
CVSS 9.8
CVE-2019-5129 CRITICAL
YouPHPTube Encoder <2.3 - Command Injection
CVSS 9.8
CVE-2019-5128 CRITICAL
YouPHPTube Encoder <2.3 - Command Injection
CVSS 9.8