CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,970 vulnerabilities with CWE-78
CVE-2024-41956 HIGH
Soft Serve < 0.7.5 - Remote Code Execution via Git Environment Variable Injection
CVSS 8.1
CVE-2024-7357 MEDIUM
D-Link DIR-600 Firmware < 2.18 - OS Command Injection via soapcgi_main Service Parameter
CVSS 6.3
CVE-2024-39607 MEDIUM
ELECOM Wireless LAN Routers - Command Injection
CVSS 6.8
CVE-2024-40895 MEDIUM
FFRI AMC <3.5.3 - Command Injection
CVSS 6.4
CVE-2024-5670 CRITICAL
Softnext Mail SQR Expert and Mail Archiving Expert - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2024-7175 MEDIUM
TOTOLINK A3600R 4.1.2cu.5182_B20201102 - OS Command Injection via setDiagnosisCfg ipDoamin Parameter
CVSS 6.3
CVE-2024-7171 MEDIUM
TOTOLINK A3600R 4.1.2cu.5182_B20201102 - OS Command Injection via NTPSyncWithHost hostTime Parameter
CVSS 6.3
CVE-2024-42029 MEDIUM
xdg-desktop-portal-hyprland <1.3.3 - Command Injection
CVSS 6.3
CVE-2024-41815 HIGH
starship 1.0.0-1.19.0 - OS Command Injection via Custom Commands
CVSS 7.4
CVE-2024-38512 HIGH
Lenovo XClarity Controller - Authenticated OS Command Injection via IPMI Commands
CVSS 7.2
CVE-2024-38511 HIGH
Lenovo XClarity Controller - Authenticated OS Command Injection via File Upload
CVSS 7.2
CVE-2024-38510 HIGH
Lenovo XClarity Controller - Authenticated OS Command Injection via SSH Captive Shell File Upload
CVSS 7.2
CVE-2024-38508 HIGH
Lenovo XClarity Controller - Authenticated OS Command Injection via Web Interface or SSH Captive Shell
CVSS 7.2
CVE-2024-7120 MEDIUM
Raisecom MSG1200, MSG2100E, MSG2200, MSG2300 3.90 - OS Command Injection via list_base_config.php template parameter
CVSS 6.3
CVE-2024-41473 CRITICAL
Tenda FH1201 v1.2.0.14 - OS Command Injection via mac Parameter
CVSS 9.8
CVE-2024-41468 CRITICAL
Tenda FH1201 v1.2.0.14 - OS Command Injection via cmdinput Parameter
CVSS 9.8
CVE-2024-24623 HIGH
Softaculous Webuzo - Command Injection
CVSS 8.8
CVE-2024-24622 HIGH
Softaculous Webuzo - Command Injection
CVSS 8.8
CVE-2024-41136 MEDIUM
Aruba EdgeConnect SD-WAN Orchestrator 9.1.0-9.1.10 - Authenticated OS Command Injection via CLI
CVSS 6.8
CVE-2024-39345 HIGH
AdTran SDG SmartOS < 12.1.3.1 - Unauthenticated Remote Code Execution via Hardcoded Support Account
CVSS 7.2
CVE-2024-31977 HIGH
Adtran 834-5 <11.1.0.101 - Command Injection
CVSS 8.8
CVE-2024-7066 HIGH
F-logic DataCube3 1.0 - OS Command Injection via ntp_server Argument
CVSS 7.3
CVE-2024-39686 CRITICAL
fishaudio/bert-vits2 < 2.3 - OS Command Injection via data_dir Parameter
CVSS 9.8
CVE-2024-39685 CRITICAL
Bert-VITS2 < 2.3 - OS Command Injection via data_dir Parameter
CVSS 9.8
CVE-2024-41317 HIGH
TOTOLINK A6000R V1.0.1-B20201211.2000 - OS Command Injection via ifname Parameter in apcli_do_enr_pbc_wps
CVSS 8.0