CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,973 vulnerabilities with CWE-78
CVE-2024-35306 CRITICAL
Pandora FMS 700-776 - OS Command Injection via Ajax PHP HTTP Request
CVSS 9.8
CVE-2024-35304 CRITICAL
Pandora FMS 700-776 - OS Command Injection via Netflow Function
CVSS 9.8
CVE-2024-5785 HIGH
Comtrend WLD71-T1_v2.0.201820 - Command Injection
CVSS 8.0
CVE-2024-4577 CRITICAL KEV
PHP CGI Argument Injection Remote Code Execution
CVSS 9.8
CVE-2024-5585 HIGH
PHP <8.1.29, 8.2.*<8.2.20, 8.3.*<8.3.8 - Command Injection
CVSS 7.7
CVE-2024-2359 CRITICAL
lollms_web_ui 9.3 - Remote Code Execution via /update_setting Host Configuration Bypass
CVSS 9.8
CVE-2024-1881 CRITICAL
agpt/autogpt_classic 0.5.0-<0.5.1 - OS Command Injection via Shell Command Validation Bypass
CVSS 9.8
CVE-2024-1880 HIGH
agpt/autogpt_classic < 0.5.1 - OS Command Injection via MacOSTTS _speech Method
CVSS 7.8
CVE-2024-3104 CRITICAL
AnythingLLM update-env Endpoint - Environment Variable Code Execution
CVSS 9.8
CVE-2024-30368 HIGH
A10networks Advanced Core Operating System - Command Injection
CVSS 8.8
CVE-2024-36394 CRITICAL
SysAid < 23.3.38 - OS Command Injection
CVSS 9.1
CVE-2024-5421 HIGH
utnserver Pro <20.1.22 - Command Injection
CVE-2024-4253 CRITICAL
gradio-app/gradio <@gradio/[email protected] - Command Injection
CVSS 9.1
CVE-2024-29973 CRITICAL
Zyxel NAS326 <V5.21(AAZF.17)C0 - Command Injection
CVSS 9.8
CVE-2024-29972 CRITICAL
Zyxel NAS326 <V5.21(AAZF.17)C0 - Command Injection
CVSS 9.8
CVE-2024-32850 CRITICAL
SkyBridge MB-A100/MB-A110 <4.2.2 - SkyBridge BASIC MB-A130 <1.5.5 -...
CVSS 9.8
CVE-2024-2421 CRITICAL
LenelS2 NetBox <= 5.6.1 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2024-5411 HIGH
ORing IAP-420 Firmware < 2.01e - Authenticated OS Command Injection
CVSS 8.8
CVE-2024-5403 HIGH
ASKEY 5G NR Small Cell - Command Injection
CVSS 7.2
CVE-2024-5400 HIGH
Openfind Mail2000 - Authenticated OS Command Injection via CGI Parameter
CVSS 8.8
CVE-2024-5399 HIGH
Openfind Mail2000 - Command Injection
CVSS 7.2
CVE-2024-5340 MEDIUM
Ruijie RG-UAC <=20240516 - Code Injection
CVSS 4.7
CVE-2024-5339 MEDIUM
Ruijie RG-UAC <20240516 - Code Injection
CVSS 4.7
CVE-2024-5338 MEDIUM
Ruijie RG-UAC <20240516 - Code Injection
CVSS 4.7
CVE-2024-5337 MEDIUM
Ruijie RG-UAC <=20240516 - Code Injection
CVSS 4.7