CWE-78

Exploit likelihood: High

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,973 vulnerabilities with CWE-78
CVE-2024-4816 MEDIUM
Ruijie RG-UAC - OS Command Injection via GRE Configuration Endpoint
CVSS 6.3
CVE-2024-4815 MEDIUM
Ruijie RG-UAC - OS Command Injection via /view/bugSolve/viewData/detail.php filename Parameter
CVSS 6.3
CVE-2024-4814 MEDIUM
Ruijie RG-UAC - OS Command Injection via Static Route Edit Commit Parameter
CVSS 6.3
CVE-2024-4813 MEDIUM
Ruijie RG-UAC - OS Command Injection via interface_commit.php Name Parameter
CVSS 6.3
CVE-2024-34921 HIGH
TOTOLINK X5000R v9.1.0cu.2350_B20230313 - OS Command Injection via disconnectVPN Function
CVSS 8.8
CVE-2024-34210 HIGH
TOTOLINK outdoor CPE CP450 <v4.1.0cu.747_B20191224 - Command Injection
CVSS 7.3
CVE-2024-34205 HIGH
TOTOLINK CP450 <4.1.0cu.747_B20191224 - Command Injection
CVSS 7.3
CVE-2024-2662 HIGH
Unlimited Elements For Elementor <1.5.102 - Command Injection
CVSS 7.2
CVE-2024-33434 CRITICAL
tiagorlampert CHAOS < 0.0.0-20220716132853-b47438d36e3a - Remote Code Execution via Unsafe Filename Concatenation
CVSS 9.8
CVE-2024-4582 HIGH
Faraday GM8181-GM828x <20240429 - Command Injection
CVSS 7.3
CVE-2024-33112 HIGH
D-Link DIR-845L Firmware < 1.01krb03 - OS Command Injection via hnap_main() Function
CVSS 7.5
CVE-2024-4510 MEDIUM
Ruijie RG-UAC < 20240428 - OS Command Injection via arp_add_commit.php
CVSS 4.7
CVE-2024-4509 MEDIUM
Ruijie RG-UAC < 20240428 - OS Command Injection via add_commit.php ip_addr/mac_addr Parameters
CVSS 4.7
CVE-2024-4508 MEDIUM
Ruijie RG-UAC Firmware - OS Command Injection via static_route_edit_ipv6.php Parameters
CVSS 4.7
CVE-2024-4507 MEDIUM
Ruijie RG-UAC - OS Command Injection via IPv6 Static Route Configuration
CVSS 4.7
CVE-2024-4506 MEDIUM
Ruijie RG-UAC - OS Command Injection via ip_addr_edit_commit.php Parameter Manipulation
CVSS 4.7
CVE-2024-4505 MEDIUM
Ruijie RG-UAC - OS Command Injection via ip_addr_add_commit.php prelen/ethname Parameter
CVSS 4.7
CVE-2024-4504 MEDIUM
Ruijie RG-UAC - OS Command Injection via peer_ip/local_ip Argument
CVSS 4.7
CVE-2024-4503 MEDIUM
Ruijie RG-UAC - OS Command Injection via dhcp_relay_commit.php interface_from Parameter
CVSS 4.7
CVE-2024-4502 MEDIUM
Ruijie RG-UAC - OS Command Injection via dhcp_client_commit.php ifName Parameter
CVSS 4.7
CVE-2024-4501 MEDIUM
Ruijie RG-UAC - OS Command Injection via tcpDump Argument in commit.php
CVSS 4.7
CVE-2024-33793 MEDIUM
netis-systems MEX605 v2.00.06 - OS Command Injection via Ping Test Page
CVSS 5.3
CVE-2024-33792 CRITICAL
netis-systems MEX605 v2.00.06 - OS Command Injection via Tracert Page
CVSS 9.8
CVE-2024-34073 HIGH
sagemaker-python-sdk - Command Injection
CVSS 7.8
CVE-2024-31705 CRITICAL
GLPI 10.X.X and after - Remote Code Execution via Insufficient Input Validation
CVSS 9.8