CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,036 vulnerabilities with CWE-78
CVE-2019-10392 HIGH
Jenkins Git Client Plugin < 2.8.4 - OS Command Injection via Git ls-remote URL Argument
CVSS 8.8
CVE-2019-10669 HIGH
LibreNMS < 1.47 - OS Command Injection via collectd.inc.php
CVSS 7.2
CVE-2019-10891 CRITICAL
D-Link DIR-806 Firmware - OS Command Injection via HNAP HTTP Header
CVSS 9.8
CVE-2019-15029 HIGH
FusionPBX 4.4.8 - Authenticated Remote Code Execution via service_edit.php Command Injection
CVSS 8.8
CVE-2019-15949 HIGH KEV
Nagios XI < 5.6.6 - Authenticated Remote Command Execution via getprofile.sh
CVSS 8.8
CVE-2019-5475 HIGH
Sonatype Nexus Repository Manager 2.0-2.14.8 - Remote Code Execution via Yum Configuration Capability
CVSS 8.8
CVE-2019-11364 HIGH
Snare Central <7.4.5 - Command Injection
CVSS 7.2
CVE-2019-15701 HIGH
BloodHound 2.2.0 - Remote Code Execution via GPO Name with JavaScript in Search Autocomplete
CVSS 8.8
CVE-2019-15503 CRITICAL
ProntusCMS < 12.0.3.0 - OS Command Injection via prontus_videocut.cgi GET Parameter
CVSS 9.8
CVE-2019-1581 CRITICAL
PAN-OS <7.1.24-h1, 7.1.25; 8.0 <8.0.19-h1, 8.0.20; 8.1 <8.1.9-h4, 8...
CVSS 9.8
CVE-2019-15530 HIGH
D-Link DIR-823G Firmware V1.0.2B05 - Authenticated OS Command Injection via HNAP1 LoginPassword Field
CVSS 8.8
CVE-2019-15529 HIGH
D-Link DIR-823G Firmware V1.0.2B05 - Authenticated OS Command Injection via HNAP1 Username Field
CVSS 8.8
CVE-2019-15528 HIGH
D-Link DIR-823G Firmware V1.0.2B05 - Authenticated OS Command Injection via HNAP1 SetStaticRouteSettings Interface Field
CVSS 8.8
CVE-2019-15527 HIGH
D-Link DIR-823G Firmware V1.0.2B05 - Authenticated OS Command Injection via HNAP1 MaxIdTime Field
CVSS 8.8
CVE-2019-15526 HIGH
D-Link DIR-823G Firmware V1.0.2B05 - Authenticated OS Command Injection via SetWanSettings Type Field
CVSS 8.8
CVE-2019-15490 CRITICAL
openITCOCKPIT < 3.7.1 - OS Command Injection
CVSS 9.8
CVE-2019-13139 HIGH
Docker < 18.09.4 - OS Command Injection via Git Clone Command
CVSS 8.4
CVE-2019-15060 HIGH
TP-Link TL-WR840N Firmware <= 0.9.1_3.16 - Remote Code Execution via Traceroute IP Address Input
CVSS 8.8
CVE-2019-1896 HIGH
Cisco Integrated Management Controller Supervisor 2.0.0.0-2.0(13o) - Authenticated OS Command Injection via CSR Function
CVSS 7.2
CVE-2019-1885 HIGH
Cisco IMC Supervisor 3.0.0.0-3.0(4k) - Authenticated RCE via Redfish
CVSS 7.2
CVE-2019-1883 HIGH
Cisco Integrated Management Controller Supervisor 3.0.0.0-3.0(4k) - Authenticated OS Command Injection via CLI
CVSS 7.8
CVE-2019-1865 HIGH
Cisco IMC Software - Command Injection
CVSS 8.8
CVE-2019-1864 HIGH
Cisco IMC Software - Command Injection
CVSS 8.8
CVE-2019-1850 HIGH
Cisco IMC Software - Command Injection
CVSS 7.2
CVE-2019-1839 MEDIUM
Cisco Remote PHY Device Software - Command Injection
CVSS 6.7