CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,036 vulnerabilities with CWE-78
CVE-2019-12324 HIGH
Akuvox R50P <50.0.6.156 - Command Injection
CVSS 7.2
CVE-2019-12725 CRITICAL
ZeroShell 3.9.0 - Unauthenticated Remote Command Execution via HTTP Parameter Injection
CVSS 9.8
CVE-2019-1010245 CRITICAL
Linux Foundation ONOS SDN Controller <1.15 - RCE
CVSS 9.8
CVE-2019-13640 CRITICAL
qBittorrent <4.1.7 - Command Injection
CVSS 9.8
CVE-2019-12992 HIGH
Citrix SD-WAN 10.2.x < 10.2.3 and NetScaler SD-WAN 10.0.x < 10.0.8 - OS Command Injection
CVSS 8.8
CVE-2019-12991 HIGH KEV
Citrix SD-WAN 10.2.0-10.2.2 and NetScaler SD-WAN 10.0.0-10.0.7 - OS Command Injection
CVSS 8.8
CVE-2019-12988 CRITICAL
Citrix SD-WAN 10.2.x < 10.2.3 and NetScaler SD-WAN 10.0.x < 10.0.8 - OS Command Injection
CVSS 9.8
CVE-2019-12987 CRITICAL
Citrix SD-WAN 10.2.x < 10.2.3 and NetScaler SD-WAN 10.0.x < 10.0.8 - OS Command Injection
CVSS 9.8
CVE-2019-12986 CRITICAL
Citrix SD-WAN 10.2.x < 10.2.3 and NetScaler SD-WAN 10.0.x < 10.0.8 - OS Command Injection
CVSS 9.8
CVE-2019-12985 CRITICAL
Citrix SD-WAN 10.2.x < 10.2.3 and NetScaler SD-WAN 10.0.x < 10.0.8 - OS Command Injection
CVSS 9.8
CVE-2019-1576 HIGH
PAN-OS < 9.0.2 - Authenticated OS Command Injection
CVSS 8.8
CVE-2019-13598 CRITICAL
LuaUPnP - Vera Edge Home Controller <1.7.4452 - RCE
CVSS 9.8
CVE-2019-13597 CRITICAL
Sahi Pro 8.0.0 - Unauthenticated Remote Code Execution via Player_setScriptFile
CVSS 9.8
CVE-2019-13567 HIGH
Zoom < 4.4.53932.0709 - Remote Code Execution via Malicious Launch URL
CVSS 8.8
CVE-2019-13574 HIGH
MiniMagick < 4.9.4 - Remote Code Execution via Image.open Kernel#open Command Injection
CVSS 7.8
CVE-2019-12579 HIGH
Private Internet Access VPN Client v82 - Local Privilege Escalation via OpenVPN Launcher Parameter Injection
CVSS 7.8
CVE-2019-11062 CRITICAL
SUNNET WMPro 5.0-5.1 - Unauthenticated OS Command Injection via doajaxfileupload.php
CVSS 9.8
CVE-2019-13561 CRITICAL
D-Link DIR-655 C <3.02B05 BETA03 - RCE
CVSS 9.8
CVE-2019-13482 HIGH
D-Link DIR-818LW Firmware 2.06betab01 - Authenticated OS Command Injection via HNAP1 SetWanSettings Type Field
CVSS 8.8
CVE-2019-13481 HIGH
D-Link DIR-818LW Firmware 2.06betab01 - Authenticated OS Command Injection via HNAP1 MTU Field
CVSS 8.8
CVE-2019-0328 HIGH
SAP NetWeaver Process Integration - OS Command Injection
CVSS 7.2
CVE-2019-13278 CRITICAL
TRENDnet TEW-827DRU Firmware <= 2.04B03 - Unauthenticated OS Command Injection via Setup Wizard
CVSS 9.8
CVE-2019-13398 HIGH
Fortinet FCM-MB40 1.2.0.0 - OS Command Injection via CGI Script Parameters
CVSS 7.2
CVE-2019-1893 HIGH
Cisco Enterprise NFV Infrastructure Software - Command Injection
CVSS 7.8
CVE-2019-6621 HIGH
BIG-IP 11.5.2-11.5.8 and BIG-IQ 5.1.0-7.1.0.2 - Authenticated OS Command Injection via iControl REST Worker
CVSS 7.2