CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2024-54012 HIGH
Hanwha Vision QND-8080R - OS Command Injection
CVE-2024-14026 HIGH
QNAP QTS/QuTS hero - Command Injection
CVSS 7.8
CVE-2024-55021 HIGH
Weintek cMT-3072XH2 v2.1.53 - Auth Bypass
CVSS 7.5
CVE-2024-55020 CRITICAL
Weintek cMT-3072XH2 v2.1.53 - Command Injection
CVSS 9.8
CVE-2024-56808 HIGH
Media Streaming add-on <500.1.1.6 - Command Injection
CVSS 7.8
CVE-2024-58338 CRITICAL
Anevia Flamingo XL 3.2.9 - OS Command Injection via Traceroute Command
CVSS 10.0
CVE-2024-58314 HIGH
Atcom 100M IP Phones <2.7.x.x - Command Injection
CVSS 8.8
CVE-2024-14010 CRITICAL
Typora 1.7.4 - OS Command Injection via PDF Export Preferences
CVSS 9.8
CVE-2024-58294 HIGH
FreePBX 16 - Authenticated Remote Code Execution via API Module Generatedocs Endpoint
CVSS 8.8
CVE-2024-58287 HIGH
reNgine 2.2.0 - Authenticated Remote Code Execution via Nmap Command Parameter Injection
CVSS 8.8
CVE-2024-58286 CRITICAL
dizqueTV 1.5.3 - Remote Code Execution via FFMPEG Executable Path
CVE-2024-58278 HIGH
perl2exe <= V30.10C - Authenticated Arbitrary Code Execution via Packed Executable Argument
CVE-2024-14008 HIGH
Nagios XI < 2024R1.3.2 - Authenticated Remote Code Execution via WinRM Configuration Wizard
CVSS 7.2
CVE-2024-14005 HIGH
Nagios XI < 2024R1.2 - Authenticated OS Command Injection via Docker Wizard
CVSS 8.8
CVE-2024-14003 CRITICAL
Nagios XI < 2024R1.2 - Remote Code Execution via NRDP Server Plugin Parameter Injection
CVSS 9.8
CVE-2024-58274 HIGH
Hikvision CSMP iSecure Center - Command Injection
CVSS 8.3
CVE-2024-48891 HIGH
FortiSOAR 7.3.0-7.6.1 - Authenticated Local Privilege Escalation via OS Command Injection
CVSS 7.0
CVE-2024-45325 MEDIUM
Fortinet FortiDDoS-F <7.02 - Command Injection
CVSS 6.7
CVE-2024-46484 CRITICAL
TRENDnet TV-IP410 vA1.0R - OS Command Injection via testserv.cgi
CVSS 9.8
CVE-2024-13985 CRITICAL
Dahua EIMS <2240008 - Command Injection
CVE-2024-58257 MEDIUM
Huawei EnzoH W5611T Firmware - OS Command Injection
CVSS 5.7
CVE-2024-58256 MEDIUM
Huawei EnzoH W5611T Firmware - OS Command Injection
CVSS 4.5
CVE-2024-58255 MEDIUM
Huawei EnzoH-W5611T Firmware - OS Command Injection
CVSS 5.0
CVE-2024-53286 HIGH
Synology Router Manager < 1.3.1-9346 - Authenticated OS Command Injection in DDNS Record Functionality
CVSS 7.2
CVE-2024-13089 HIGH
Nozomi Networks Guardian - Command Injection
CVSS 7.2