CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,974 vulnerabilities with CWE-78
CVE-2024-1520 CRITICAL
lollms_web_ui 9.0-<9.2 - OS Command Injection via Discussion ID Parameter
CVSS 9.8
CVE-2024-2243 HIGH
csmock < 3.5.3 - Authenticated OS Command Injection
CVSS 7.6
CVE-2024-24576 CRITICAL
Rust <1.77.2 - Command Injection
CVSS 10.0
CVE-2024-22423 HIGH
yt-dlp 2021.04.11-2024.04.09 - Command Injection via --exec Template Expansion
CVSS 8.3
CVE-2024-21756 HIGH
Fortinet FortiSandbox 4.0.0-4.0.4, 4.2.1-4.2.6, 4.4.0-4.4.3 - OS Command Injection via Crafted Requests
CVSS 8.8
CVE-2024-21755 HIGH
FortiSandbox 4.0.0-4.0.4, 4.2.1-4.2.6, 4.4.0-4.4.3 - OS Command Injection via Crafted Requests
CVSS 8.8
CVE-2024-30414 HIGH
Huawei EMUI and HarmonyOS - OS Command Injection in AccountManager Module
CVSS 7.5
CVE-2024-3346 MEDIUM
Byzoro Smart S80 <20240328 - Code Injection
CVSS 6.3
CVE-2024-29167 HIGH
SVR-116 <1.6.0.30028871 - Command Injection
CVSS 7.2
CVE-2024-26258 HIGH
ELECOM Wireless LAN Routers - Command Injection
CVSS 7.1
CVE-2024-25568 HIGH
ELECOM wireless LAN routers <1.25 - Command Injection
CVSS 8.8
CVE-2024-1180 HIGH
TP-Link Omada ER605 Firmware < 2.2.3 - Authenticated OS Command Injection via Access Control Name Field
CVSS 8.0
CVE-2024-2389 CRITICAL
Progress Kemp Flowmon - Command Injection
CVSS 10.0
CVE-2024-29640 CRITICAL
aliyundrive-webdav 2.3.3 - Remote Code Execution via sid Parameter in action_query_qrcode
CVSS 9.8
CVE-2024-30645 HIGH
Tenda AC15 Firmware V15.03.20_multi - OS Command Injection via deviceName Parameter
CVSS 8.0
CVE-2024-30247 CRITICAL
NextCloudPi < 1.53.1 - Unauthenticated OS Command Injection via Web Panel
CVSS 10.0
CVE-2024-25955 HIGH
Dell vApp Manager < 9.2.4.9 - Authenticated OS Command Injection
CVSS 7.2
CVE-2024-25946 HIGH
Dell vApp Manager < 9.2.4.9 - Authenticated OS Command Injection
CVSS 7.2
CVE-2024-28015 CRITICAL
NEC Aterm Firmware - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2024-2910 MEDIUM
Ruijie RG-EG350 <20240318 - Code Injection
CVSS 6.3
CVE-2024-2909 HIGH
Ruijie RG-EG350 <20240318 - Code Injection
CVSS 8.8
CVE-2024-27521 HIGH
TOTOLINK A3300R V17.0.0cu.557_B20221024 - RCE
CVSS 8.0
CVE-2024-2897 MEDIUM
Tenda AC7 15.03.06.44 - OS Command Injection via formWriteFacMac mac Argument
CVSS 6.3
CVE-2024-28048 CRITICAL
ffBull 4.11 - Unauthenticated OS Command Injection
CVSS 9.8
CVE-2024-28033 HIGH
WebProxy 1.7.8-1.7.9 - Command Injection
CVSS 7.3