CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,038 vulnerabilities with CWE-78
CVE-2019-11409 HIGH
FusionPBX 4.4.3 - Command Injection
CVSS 8.8
CVE-2019-12181 HIGH
Serv-U FTP Server prepareinstallation Privilege Escalation
CVSS 8.8
CVE-2019-12840 HIGH
Webmin < 1.910 - Authenticated Remote Command Execution via Package Updates Module
CVSS 8.8
CVE-2019-12839 HIGH
OrangeHRM < 4.3.1 - Authenticated OS Command Injection via txtSendmailPath Parameter
CVSS 8.8
CVE-2019-3412 CRITICAL
ZTE MF920 Firmware <= BD_R218V2.4 - OS Command Injection via Unverified Interface Parameters
CVSS 9.8
CVE-2019-3409 CRITICAL
ZTE WF820+ LTE Outdoor CPE Firmware < 1.0.0b06 - Unauthenticated OS Command Injection
CVSS 9.0
CVE-2019-12787 HIGH
D-Link DIR-818LW 2.05.B03-2.06B01 BETA - OS Command Injection via HNAP1 SetWanSettings Gateway Key
CVSS 8.8
CVE-2019-12780 CRITICAL
Belkin Crock-Pot Smart Slow Cooker with WeMo Firmware - Unauthenticated OS Command Injection via SmartDevURL Argument
CVSS 9.8
CVE-2019-12771 CRITICAL
ThinStation < 6.1.1 - OS Command Injection via CdControl.cgi or VolControl.cgi Parameters
CVSS 9.8
CVE-2019-9156 HIGH
Gemalto ezio_ds3_server < 3.1.0 - OS Command Injection
CVSS 8.0
CVE-2019-12739 CRITICAL
Nextcloud Extract < 1.2.0 - Remote Code Execution via RAR Filename Shell Metacharacters
CVSS 9.0
CVE-2019-12735 HIGH
Vim < 8.1.1365 and Neovim < 0.3.6 - OS Command Injection via Modeline :source! Command
CVSS 8.6
CVE-2019-10149 CRITICAL KEV
Exim 4.87 - 4.91 Local Privilege Escalation
CVSS 9.8
CVE-2019-10883 CRITICAL
Citrix SD-WAN Center 10.1.0-10.1.2 and NetScaler SD-WAN Center 9.1-9.3.6 - OS Command Injection
CVSS 9.8
CVE-2019-6739 HIGH
Malwarebytes Antimalware 3.6.1.2711 - Remote Code Execution via URI Scheme Handling
CVSS 8.8
CVE-2019-6738 HIGH
Bitdefender SafePay 23.0.10.34 - Remote Code Execution via TIScript Launch Method
CVSS 8.8
CVE-2019-6736 HIGH
Bitdefender SafePay 23.0.10.34 - Remote Code Execution via tiscript System.Exec Method
CVSS 8.8
CVE-2019-12585 CRITICAL
apcupsd 0.3.91_5 - OS Command Injection in apcupsd_status.php
CVSS 9.8
CVE-2019-9653 CRITICAL
NUUO Network Video Recorder < 3.3.x - RCE
CVSS 9.8
CVE-2019-10048 HIGH
Pydio < 8.2.2 - Authenticated OS Command Injection via ImageMagick Plugin Configuration
CVSS 7.2
CVE-2019-12272 CRITICAL
OpenWrt LuCI < 0.10 - Command Injection
CVSS 9.8
CVE-2019-1768 MEDIUM
Cisco NX-OS < 8.3(1) - Authenticated Command Injection via CLI Command Argument
CVSS 6.7
CVE-2019-1778 MEDIUM
Cisco NX-OS < 7.0(3)I4(9) - Authenticated OS Command Injection via CLI Command Argument
CVSS 6.7
CVE-2019-1776 MEDIUM
Cisco NX-OS < 8.2(2) - Authenticated OS Command Injection via CLI Command Argument
CVSS 6.7
CVE-2019-1775 MEDIUM
Cisco NX-OS 5.2-6.2(25) - Authenticated OS Command Injection via CLI Command Arguments
CVSS 6.7