CWE-78
High likelihood
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
5,967 vulnerabilities with CWE-78
CVE-2024-13087
MEDIUM
QHora - Command Injection
CVSS 6.7
CVE-2024-42922
MEDIUM
aapanel < 7.0.7 - OS Command Injection
CVSS 6.5
CVE-2024-6486
HIGH
ImageMagick Engine <1.7.11 - Command Injection
CVSS 7.2
CVE-2024-6032
HIGH
Tesla Model S Firmware < 2024.8 - OS Command Injection in ql_atfwd Process
CVSS 7.8
CVE-2024-54025
MEDIUM
Fortinet FortiIsolator <2.4.6 - Code Injection
CVSS 6.7
CVE-2024-54024
HIGH
Fortinet FortiIsolator <2.4.6 - Command Injection
CVSS 7.2
CVE-2024-41790
CRITICAL
SENTRON 7KT PAC1260 Data Manager - Authenticated Remote Code Execution via Region Parameter
CVSS 9.1
CVE-2024-41789
CRITICAL
SENTRON 7KT PAC1260 Data Manager - Authenticated Remote Code Execution via Language Parameter
CVSS 9.1
CVE-2024-41788
CRITICAL
SENTRON 7KT PAC1260 Data Manager - Authenticated Remote Code Execution via GET Request Parameter Injection
CVSS 9.1
CVE-2024-49601
HIGH
Dell Unity <5.4 - Command Injection
CVSS 7.3
CVE-2024-49565
HIGH
Dell Unity <5.4 - Command Injection
CVSS 7.8
CVE-2024-49564
HIGH
Dell Unity Operating Environment < 5.5.0.0.5.259 - Authenticated OS Command Injection
CVSS 7.8
CVE-2024-49563
HIGH
Dell Unity Operating Environment < 5.5.0.0.5.259 - Authenticated OS Command Injection
CVSS 7.8
CVE-2024-9053
CRITICAL
vllm 0.6.0 - Remote Code Execution via Unsafe Cloudpickle Deserialization
CVSS 9.8
CVE-2024-10019
MEDIUM
parisneo/lollms-webui V12 (Strawberry) - Path Traversal
CVSS 6.7
CVE-2024-55590
HIGH
FortiIsolator 2.4.0-2.4.5 - Authenticated OS Command Injection via CLI Commands
CVSS 8.8
CVE-2024-54018
HIGH
FortiSandbox <4.4.5 - Code Injection
CVSS 7.2
CVE-2024-52961
HIGH
FortiSandbox 3.0.0-4.0.5, 4.2.1-4.2.7, 4.4.0-4.4.6, 5.0.0 - Authenticated OS Command Injection
CVSS 8.8
CVE-2024-32123
MEDIUM
Fortinet FortiAnalyzer and FortiManager - OS Command Injection via CLI Requests
CVSS 6.7
CVE-2024-12010
HIGH
Zyxel DSL/ETHERNET CPE/FIBER ONT/WiFi Extender Firmware - Authenticated OS Command Injection via zyUtilMailSend
CVSS 7.2
CVE-2024-12009
HIGH
Zyxel DSL/ETH/ONT/Extender Firmware - Authenticated OS Command Injection via ZyEE Function
CVSS 7.2
CVE-2024-11253
HIGH
Zyxel DSL/ONT/Extender Firmware < 5.50(ABOM.8.5)C0 - Authenticated OS Command Injection via DNSServer Parameter
CVSS 7.2
CVE-2024-53700
HIGH
Qnap Qurouter - Command Injection
CVSS 7.2
CVE-2024-53692
MEDIUM
QNAP QTS and QuTS hero - Authenticated OS Command Injection
CVSS 4.7
CVE-2024-50390
CRITICAL
Qnap Qurouter - Command Injection
CVSS 9.8
Details
Vulnerabilities: 5,967
Exploit Likelihood: High