CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,967 vulnerabilities with CWE-78
CVE-2024-53376 HIGH
CyberPanel < 2.3.8 - Authenticated OS Command Injection via phpSelection Parameter
CVSS 8.8
CVE-2024-11858 HIGH
radare2 < 5.9.8 - OS Command Injection via Pebble Application File Processing
CVSS 8.6
CVE-2024-48008 MEDIUM
Dell RecoverPoint for Virtual Machines 6.0.x - OS Command Injection
CVSS 5.3
CVE-2024-22461 HIGH
Dell RecoverPoint for VMs 6.0.x - Command Injection
CVSS 8.8
CVE-2024-52058 HIGH
RTI Connext Professional <7.3.0.2-6.1.2.19 - Command Injection
CVSS 7.8
CVE-2024-54008 HIGH
HPE Aruba Networking AirWave Management Platform 8.0.0.0-8.3.0.2 - Authenticated Remote Code Execution via CLI
CVSS 7.2
CVE-2024-28138 HIGH
Scan2Net < 7.40 - Unauthenticated OS Command Injection via msg_events.php data Parameter
CVSS 7.3
CVE-2024-12358 MEDIUM
datax-web 2.1.1 - OS Command Injection via /api/job/add/ glueSource Parameter
CVSS 6.3
CVE-2024-47115 HIGH
IBM AIX 7.2-7.3 and VIOS 3.1-4.1 - OS Command Injection
CVSS 7.8
CVE-2024-52320 CRITICAL
Planet Technology WGS-804HPT v1.305b210531 - Command Injection
CVSS 9.8
CVE-2024-50393 CRITICAL
QNAP QTS and QuTS hero - OS Command Injection
CVSS 9.8
CVE-2024-50388 CRITICAL
HBS 3 Hybrid Backup Sync < 25.1.1.673 - OS Command Injection
CVSS 9.8
CVE-2024-48863 CRITICAL
QNAP License Center 1.9.36-1.9.42 - OS Command Injection
CVSS 9.8
CVE-2024-47133 HIGH
I-O DATA DEVICE UD-LT1 and UD-LT1/EX <= 2.1.9 - Authenticated OS Command Injection
CVSS 7.2
CVE-2024-51465 HIGH
IBM App Connect Enterprise Certified Container 11.4-12.3 - Authenticated OS Command Injection
CVSS 8.8
CVE-2024-9200 HIGH
Zyxel VMG4005-B50A Firmware < 5.15(ABQA.2.2)C0 - Authenticated OS Command Injection via Diagnostic Host Parameter
CVSS 7.2
CVE-2024-53940 HIGH
Victure RX1800 WiFi 6 Router - Command Injection
CVSS 8.8
CVE-2024-53939 HIGH
Victure RX1800 WiFi 6 Router - Command Injection
CVSS 8.8
CVE-2024-53375 HIGH
TP-Link Archer Router Series - Authenticated Remote Code Execution via HomeShield tmp_get_sites Function
CVSS 8.0
CVE-2024-53992 HIGH
Unzip-bot <7.0.3a - Command Injection
CVE-2024-49803 CRITICAL
IBM Security Verify Access Appliance 10.0.0-10.0.8 - Command Injection
CVSS 9.8
CVE-2024-11983 HIGH
Billion Electric Router - Command Injection
CVSS 7.2
CVE-2024-11482 CRITICAL
Trellix ESM 11.6.10 - Unauthenticated RCE via Snowservice API Command Injection
CVSS 9.8
CVE-2024-10896 MEDIUM
Logo Slider WordPress Plugin < 4.5.0 - Authenticated Stored Cross-Site Scripting in Logo and Slider Settings
CVSS 5.4
CVE-2024-51228 MEDIUM
TOTOLINK Routers formSysCmd - Remote Command Execution
CVSS 6.8