CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,970 vulnerabilities with CWE-78
CVE-2024-42743 HIGH
TOTOLINK X5000r v9.1.0cu.2350_b20230313 - Command Injection
CVSS 8.8
CVE-2024-42742 HIGH
TOTOLINK X5000r v9.1.0cu.2350_b20230313 - Command Injection
CVSS 8.8
CVE-2024-42741 HIGH
TOTOLINK X5000r v9.1.0cu.2350_b20230313 - Command Injection
CVSS 8.8
CVE-2024-40893 MEDIUM
Firewalla Box Software <1.979 - Command Injection
CVSS 6.8
CVE-2024-39091 HIGH
MIPC Camera Firmware < 5.4.1.240424171021 - OS Command Injection via ccm_debug Component
CVSS 8.8
CVE-2024-6917 CRITICAL
Veribase Order Management < 4.010.2 - OS Command Injection
CVSS 9.8
CVE-2024-42370 HIGH
Litestar <= 2.10.0 - Environment Variable Injection via docs-preview.yml Workflow
CVSS 8.3
CVE-2024-42167 CRITICAL
FIWARE Keyrock <= 8.4 - Authenticated OS Command Injection via Application Organisation Name
CVSS 9.1
CVE-2024-42166 CRITICAL
FIWARE Keyrock <= 8.4 - Authenticated OS Command Injection via Application Name
CVSS 9.1
CVE-2024-21880 HIGH
Enphase IQ Gateway Firmware 4.0-7.3.120 - Authenticated OS Command Injection via URL Parameter
CVSS 7.2
CVE-2024-21879 HIGH
Enphase IQ Gateway Firmware 4.0-8.2.4225 - Authenticated OS Command Injection via URL Parameter
CVSS 8.8
CVE-2024-21878 CRITICAL
Enphase IQ Gateway Firmware 4.0-8.2.4225 - OS Command Injection in Internal Script
CVSS 9.8
CVE-2024-3659 HIGH
KAON AR2140 Firmware < 3.2.50 and < 4.2.16 - Authenticated OS Command Injection via Crafted Request
CVSS 7.2
CVE-2024-7580 MEDIUM
Alien Technology ALR-F800 < 19.10.24.00 - OS Command Injection via uploadedFile Parameter
CVSS 6.3
CVE-2024-7579 MEDIUM
Alien Technology ALR-F800 Firmware < 19.10.24 - OS Command Injection via File Name Handler
CVSS 6.3
CVE-2024-39228 CRITICAL
GL-iNet Firmware - OS Command Injection via OVPN Interface Configuration Check
CVSS 9.8
CVE-2024-23483 HIGH
Zscaler Client Connector < 4.2 - OS Command Injection
CVSS 7.0
CVE-2024-7470 MEDIUM
Raisecom MSG1200, MSG2100E, MSG2200, MSG2300 3.90 - OS Command Injection via vpn_template_style.php
CVSS 6.3
CVE-2024-7469 MEDIUM
Raisecom MSG1200, MSG2100E, MSG2200, MSG2300 3.90 - OS Command Injection via sslvpn_config_mod
CVSS 6.3
CVE-2024-7468 MEDIUM
Raisecom MSG1200, MSG2100E, MSG2200, MSG2300 3.90 - OS Command Injection via Web Interface sslvpn_config_mod
CVSS 6.3
CVE-2024-7467 MEDIUM
Raisecom MSG1200, MSG2100E, MSG2200, MSG2300 3.90 - OS Command Injection via list_ip_network.php
CVSS 6.3
CVE-2024-38887 CRITICAL
Caterease 16.0.1.1663-24.0.1.2405 - OS Command Injection via Database Privilege Escalation
CVSS 9.8
CVE-2024-38889 CRITICAL
Caterease 16.0.1.1663-24.0.1.2405 - SQL Injection
CVSS 9.8
CVE-2024-38882 CRITICAL
Caterease 16.0.1.1663-24.0.1.2405 - Remote Code Execution via SQL Injection
CVSS 9.8
CVE-2024-33896 HIGH
ewon Cosy+ Firmware 21.x < 21.2s10 and 22.x < 22.1s3 - OS Command Injection via Parameter Blacklist Bypass
CVSS 7.2