CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

6,041 vulnerabilities with CWE-78
CVE-2018-19907 HIGH
Crafter CMS 3.0.18 - Command Injection
CVSS 8.8
CVE-2018-12317 HIGH
ASUSTOR ADM <3.1.1 - Command Injection
CVSS 8.8
CVE-2018-12316 HIGH
ASUSTOR ADM <3.1.1 - Command Injection
CVSS 8.8
CVE-2018-12313 CRITICAL
ASUSTOR ADM <3.1.1 - Command Injection
CVSS 9.8
CVE-2018-12312 HIGH
ASUSTOR ADM <3.1.1 - Command Injection
CVSS 8.8
CVE-2018-12307 HIGH
ASUSTOR ADM <3.1.1 - Command Injection
CVSS 8.8
CVE-2018-4021 HIGH
Netgate pfSense CE 2.4.4-RELEASE - Authenticated OS Command Injection via powerd_battery_mode POST Parameter
CVSS 7.2
CVE-2018-4020 HIGH
Netgate pfSense CE 2.4.4-RELEASE - Authenticated OS Command Injection via powerd_ac_mode POST Parameter
CVSS 7.2
CVE-2018-4019 HIGH
Netgate pfSense CE 2.4.4-RELEASE - Authenticated OS Command Injection via powerd_normal_mode Parameter
CVSS 7.2
CVE-2018-14706 CRITICAL
Drobo 5N2 NAS <4.0.5-13.28.96115 - Command Injection
CVSS 9.8
CVE-2018-14701 CRITICAL
Drobo 5N2 NAS <4.0.5-13.28.96115 - Command Injection
CVSS 9.8
CVE-2018-14699 CRITICAL
Drobo 5N2 NAS <4.0.5-13.28.96115 - Command Injection
CVSS 9.8
CVE-2018-16863 HIGH
Ghostscript 9.07 - Remote Code Execution via PostScript Document
CVSS 7.3
CVE-2018-15716 HIGH
NUUO NVRMini2 3.9.1 - Authenticated Remote Command Injection via upgrade_handle.php
CVSS 8.8
CVE-2018-19290 CRITICAL
Budabot 0.6-4.0 - Remote Code Execution via HELPBOT_MODULE Command Injection
CVSS 9.8
CVE-2018-19646 CRITICAL
Imperva SecureSphere <13.2.10 - Command Injection
CVSS 9.8
CVE-2018-13418 HIGH
TerraMaster TOS 3.1.03 - OS Command Injection via ajaxdata.php newname Parameter
CVSS 8.8
CVE-2018-13358 HIGH
TerraMaster TOS 3.1.03 - OS Command Injection via ajaxdata.php checkName Parameter
CVSS 8.8
CVE-2018-13354 CRITICAL
TerraMaster TOS 3.1.03 - OS Command Injection via Event Parameter
CVSS 9.8
CVE-2018-13353 HIGH
TerraMaster TOS 3.1.03 - OS Command Injection via ajaxdata.php checkport Parameter
CVSS 8.8
CVE-2018-13338 CRITICAL
TerraMaster TOS 3.1.03 - OS Command Injection via Username Parameter
CVSS 9.8
CVE-2018-13336 CRITICAL
TerraMaster TOS 3.1.03 - OS Command Injection via ajaxdata.php pwd Parameter
CVSS 9.8
CVE-2018-13330 HIGH
TerraMaster TOS 3.1.03 - OS Command Injection via Group Creation Groupname Parameter
CVSS 7.2
CVE-2018-16130 HIGH
Miwifi OS - OS Command Injection
CVSS 8.8
CVE-2018-14893 HIGH
ZyXEL NSA325 V2 <4.81 - Command Injection
CVSS 8.8
Details
Vulnerabilities 6,041
Exploit Likelihood High