CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,036 vulnerabilities with CWE-78
CVE-2019-15715 HIGH
MantisBT < 1.3.20 - Authenticated Remote Code Execution via Command Injection
CVSS 7.2
CVE-2019-13051 HIGH
Pi-hole 4.3 - OS Command Injection
CVSS 8.8
CVE-2019-17107 HIGH
Centreon Web < 2.8.27 - Authenticated OS Command Injection via minPlayCommand.php command_hostaddress Parameter
CVSS 8.8
CVE-2019-12812 CRITICAL
MyBuilder < 6.2.2019.814 - OS Command Injection via Crafted Configuration File
CVSS 9.8
CVE-2019-12811 CRITICAL
MyBuilder < 6.2.2019.814 - OS Command Injection via ShellOpen Method
CVSS 9.8
CVE-2019-15746 CRITICAL
SITOS six v6.2.1 - OS Command Injection
CVSS 9.8
CVE-2019-17269 CRITICAL
Intellian Remote Access 3.18 - OS Command Injection via Ping Test Field
CVSS 9.8
CVE-2019-15036 HIGH
JetBrains TeamCity 2018.2.4 - Authenticated OS Command Injection
CVSS 7.2
CVE-2019-12699 HIGH
Cisco Firepower 9300 Firmware - Authenticated OS Command Injection via CLI Arguments
CVSS 7.8
CVE-2019-12690 HIGH
Cisco Secure Firewall Management Center < 6.3.0.5 - Authenticated OS Command Injection
CVSS 7.2
CVE-2019-13025 CRITICAL
Compal CH7465LG CH7465LG-NCIP-6.12.18.24-5p8-NOSH - OS Command Injection via Backend API Endpoint
CVSS 9.8
CVE-2019-16920 CRITICAL KEV
D-Link DIR-655 Firmware < 3.02b05 - Unauthenticated Remote Code Execution via PingTest CGI
CVSS 9.8
CVE-2019-12091 HIGH
Netskope Client 57-57.2.0.219 and 60-60.2.0.214 - Local Command Injection via Network Connection Handling
CVSS 7.8
CVE-2019-12717 HIGH
Cisco NX-OS 6.0(2)-7.0(3)I7(6) - Authenticated OS Command Injection via VMAN CLI Command
CVSS 7.8
CVE-2019-12709 MEDIUM
Cisco IOS XR 5.1.0-6.5.2 - Authenticated OS Command Injection via VMAN CLI Command
CVSS 6.7
CVE-2019-12661 MEDIUM
Cisco IOS XE - Authenticated OS Command Injection via VMAN CLI Command
CVSS 6.7
CVE-2019-12651 HIGH
Cisco IOS XE - Authenticated Remote Command Execution via Web UI
CVSS 8.8
CVE-2019-12650 HIGH
Cisco IOS XE - Authenticated OS Command Injection via Web UI
CVSS 8.8
CVE-2019-16701 HIGH
pfSense 2.3.4-2.4.4-p3 - Remote Code Execution via pfsense.exec_php MethodCall
CVSS 8.8
CVE-2019-16718 HIGH
radare2 < 3.9.0 - OS Command Injection via Crafted Executable Symbol Names
CVSS 7.8
CVE-2019-15000 CRITICAL
Bitbucket OS Command Injection via Commit Diff Rest Endpoint
CVSS 9.8
CVE-2019-16057 CRITICAL KEV
D-Link DNS-320 Firmware < 2.05.b10 - OS Command Injection via login_mgr.cgi
CVSS 9.8
CVE-2019-5485 CRITICAL
gitlabhook 0.0.17 - OS Command Injection via Repository Name
CVSS 10.0
CVE-2019-5315 HIGH
ArubaOS 8.0.0.0-8.2.2.0 - Authenticated OS Command Injection
CVSS 7.2
CVE-2019-16293 HIGH
Open-AudIT < 3.2.0 - Command Injection
CVSS 8.8