CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2024-43649 HIGH
Iocharger AC <24120701 - Command Injection
CVSS 8.8
CVE-2024-43648 HIGH
Iocharger AC <24120701 - Command Injection
CVSS 8.8
CVE-2024-50603 CRITICAL KEV
Aviatrix Controller < 7.1.4191 and 7.2.x < 7.2.4996 - Unauthenticated Remote Code Execution via cloud_type Parameter
CVSS 10.0
CVE-2024-11681 MEDIUM
MacPorts < 2.10.5 - OS Command Injection via Malicious Mirror
CVSS 6.8
CVE-2024-12970 LOW
TUBITAK BILGEM Pardus OS My Computer <0.7.2 - Code Injection
CVSS 3.9
CVE-2024-13129 HIGH
Roxy-WI <= 8.1.3 - OS Command Injection via action_service Parameter
CVSS 8.8
CVE-2024-9140 CRITICAL
Moxa TN-4900 Series < 3.13 - OS Command Injection
CVSS 9.8
CVE-2024-56137 MEDIUM
maxkb < 1.9.0 - Authenticated Remote Code Execution via Custom Script Injection
CVSS 6.8
CVE-2024-12828 HIGH
Webmin - Authenticated Remote Code Execution via CGI Request Handling
CVSS 8.8
CVE-2024-54181 HIGH
IBM WebSphere Automation 1.7.5 - RCE
CVSS 7.2
CVE-2024-47919 CRITICAL
Tiki Wiki CMS < 28 - OS Command Injection
CVSS 9.8
CVE-2024-47918 MEDIUM
Tiki Wiki/CMS < 28 - Cross-Site Scripting
CVSS 6.1
CVE-2024-12987 HIGH KEV
DrayTek Vigor2960 and Vigor300B 1.5.1.4 - OS Command Injection via apmcfgupload Session Parameter
CVSS 7.3
CVE-2024-12986 HIGH
DrayTek Vigor2960 and Vigor300B 1.5.1.3-1.5.1.4 - OS Command Injection via apmcfgupptim Session Parameter
CVSS 7.3
CVE-2024-12856 HIGH
Four-Faith F3x24 and F3x36 Firmware 2.0 - Authenticated OS Command Injection via apply.cgi
CVSS 7.2
CVE-2024-12985 MEDIUM
Overtek OT-E801G OTE801G65.1.1.0 - Command Injection
CVSS 6.3
CVE-2024-53256 HIGH
rizin < 0.7.4 - OS Command Injection via Malicious Binary bclass Execution
CVSS 7.8
CVE-2024-54082 HIGH
home 5G HR02 & Wi-Fi STATION SH-54C - Command Injection
CVSS 7.2
CVE-2024-45721 HIGH
home <5G HR02, Wi-Fi STATION SH-52B, Wi-Fi STATION SH-54C - Command...
CVSS 7.2
CVE-2024-28767 MEDIUM
IBM Security Directory Integrator 7.2.0-7.2.0.13 and 10.0.0-10.0.3 - Authenticated OS Command Injection
CVSS 6.8
CVE-2024-12829 HIGH
Arista NG Firewall - Authenticated Remote Code Execution via ExecManagerImpl Command Injection
CVSS 8.8
CVE-2024-12686 MEDIUM KEV
BeyondTrust Privileged Remote Access and Remote Support < 24.3.1 - Authenticated OS Command Injection
CVSS 6.6
CVE-2024-48889 HIGH
FortiManager <6.4.15, 6.4.10-7.6.0, Cloud 7.0.1-7.0.12, 7.2.1-7.2.7, <7.4.4 - OS Command Injection
CVSS 7.2
CVE-2024-53688 HIGH
FXC Inc. AE1021 and AE1021PE <= 2.0.10 - Authenticated OS Command Injection
CVSS 7.2
CVE-2024-31668 CRITICAL
rizin < 0.6.3 - OS Command Injection via meta_set Function
CVSS 9.1