CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,034 vulnerabilities with CWE-78
CVE-2019-5127 CRITICAL
YouPHPTube Encoder <2.3 - Command Injection
CVSS 9.8
CVE-2019-13653 CRITICAL
TP-Link M7350 <1.0.16 - Command Injection
CVSS 9.8
CVE-2019-13652 CRITICAL
TP-Link M7350 <1.0.16 - Command Injection
CVSS 9.8
CVE-2019-13651 CRITICAL
TP-Link M7350 <1.0.16 - Command Injection
CVSS 9.8
CVE-2019-13650 CRITICAL
TP-Link M7350 <1.0.16 - Command Injection
CVSS 9.8
CVE-2019-13649 CRITICAL
TP-Link M7350 <1.0.16 - Command Injection
CVSS 9.8
CVE-2019-18370 CRITICAL
Millet Router 3G Firmware < 2.28.23 - OS Command Injection
CVSS 9.8
CVE-2019-16965 HIGH
FusionPBX < 4.5.7 - Authenticated OS Command Injection via cmd.php
CVSS 7.2
CVE-2019-16964 HIGH
FusionPBX < 4.5.7 - Authenticated OS Command Injection in Call Center Queue Module
CVSS 8.8
CVE-2019-17526 CRITICAL
SageMath Sage Cell Server - OS Command Injection via Python Code Execution
CVSS 9.8
CVE-2019-14423 HIGH
eq-3 CUx-Daemon 1.11a-2.2.0 - Authenticated Remote Code Execution via HTTP Request
CVSS 8.8
CVE-2019-15277 MEDIUM
Cisco TelePresence Collaboration Endpoint < 9.8.0 - Authenticated OS Command Injection
CVSS 6.7
CVE-2019-15275 MEDIUM
Cisco TelePresence Collaboration Endpoint < 9.8.1 - Authenticated OS Command Injection via CLI
CVSS 6.7
CVE-2019-15274 MEDIUM
Cisco TelePresence Collaboration Endpoint < 9.8.1 - Authenticated OS Command Injection via CLI
CVSS 6.7
CVE-2019-17625 CRITICAL
Rambox 0.6.9 - Stored Cross-Site Scripting and OS Command Injection via Service Name Field
CVSS 9.0
CVE-2019-17501 HIGH
Centreon 19.04 - OS Command Injection via Command Line Field
CVSS 8.8
CVE-2019-17510 CRITICAL
D-Link DIR-846 Firmware 100A35 - Authenticated OS Command Injection via SetWizardConfig HNAP1 Request
CVSS 9.8
CVE-2019-17509 CRITICAL
D-Link DIR-846 Firmware 100A35 - Authenticated OS Command Injection via SetMasterWLanSettings HNAP1 Request
CVSS 9.8
CVE-2019-17508 CRITICAL
D-Link DIR-859 A3-1.06 and DIR-850 A1.13 - OS Command Injection via DEVICE.TIME.php
CVSS 9.8
CVE-2019-17059 CRITICAL
Sophos Cyberoam < 10.6.6 - OS Command Injection via Web Admin and SSL VPN Consoles
CVSS 9.8
CVE-2019-17499 HIGH
Compal CH7465LG 6.12.18.25-2p4 - Authenticated OS Command Injection via Target_IP Parameter
CVSS 8.8
CVE-2019-11527 HIGH
Softing uaGate SI <1.60.01 - Command Injection
CVSS 8.8
CVE-2019-15014 HIGH
Zingbox Inspector < 1.286 - Authenticated OS Command Injection via CLI
CVSS 8.8
CVE-2019-15715 HIGH
MantisBT < 1.3.20 - Authenticated Remote Code Execution via Command Injection
CVSS 7.2
CVE-2019-13051 HIGH
Pi-hole 4.3 - OS Command Injection
CVSS 8.8