CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,974 vulnerabilities with CWE-78
CVE-2024-29189 HIGH
PyAnsys Geometry <0.3.3-0.4.11 - Code Injection
CVSS 7.4
CVE-2024-25002 HIGH
Bosch Network Synchronizer - Command Injection
CVSS 8.8
CVE-2024-24899 HIGH
openEuler aops-zeus <1.4.0 - Command Injection
CVSS 7.2
CVE-2024-24892 HIGH
openEuler migration-tools <1.0.1 - Command Injection
CVSS 8.1
CVE-2024-24890 HIGH
openEuler gala-gopher <1.0.2 - Command Injection
CVSS 7.8
CVE-2024-2854 MEDIUM
Tenda AC18 15.03.05.05 - OS Command Injection via usbName Parameter in formSetSambaConf
CVSS 6.3
CVE-2024-2853 MEDIUM
Tenda AC10U 15.03.06.48/15.03.06.49 - OS Command Injection via usbName Parameter
CVSS 6.3
CVE-2024-2851 MEDIUM
Tenda AC15 15.03.05.18/15.03.20_multi - OS Command Injection via usbName Parameter in formSetSambaConf
CVSS 6.3
CVE-2024-29185 CRITICAL
FreeScout <1.8.128 - Command Injection
CVSS 9.0
CVE-2024-2448 HIGH
LoadMaster 7.2.49.0-7.2.54.8 and 7.2.55.0-7.2.59.2 - Authenticated OS Command Injection via UI Component
CVSS 8.4
CVE-2024-2812 MEDIUM
Tenda AC15 15.03.05.18/15.03.20_multi - OS Command Injection via formWriteFacMac mac Parameter
CVSS 6.3
CVE-2024-2162 HIGH
Kiloview NDI N3/N3-s/N4/N20/N30/N40 - Authenticated Remote Code Execution
CVSS 8.8
CVE-2024-2707 MEDIUM
Tenda AC10U 15.03.06.49 - OS Command Injection via formWriteFacMac mac Argument
CVSS 6.3
CVE-2024-27772 HIGH
Unitronics Unistream Unilogic -1.35.227 - OS Command Injection
CVSS 8.8
CVE-2024-28125 CRITICAL
FitNesse - Authenticated OS Command Injection
CVSS 9.8
CVE-2024-28254 HIGH
OpenMetadata < 1.2.4 - Authenticated Remote Code Execution via SpEL Expression Injection in AlertUtil
CVSS 8.8
CVE-2024-27920 HIGH
projectdiscovery/nuclei 3.0.0-3.1.9 - Remote Code Execution via Unsigned Custom Workflow Templates
CVSS 7.4
CVE-2024-2415 HIGH
Movistar 4G router <ES_WLD71-T1_v2.0.2018 - Command Injection
CVSS 7.8
CVE-2024-28187 HIGH
soy_cms < 3.14.2 - Authenticated OS Command Injection via File Upload Filename
CVSS 7.2
CVE-2024-2353 HIGH
Totolink X6000R 9.4.0cu.852_20230719 - Unauthenticated OS Command Injection via setDiagnosisCfg ip Parameter
CVSS 8.8
CVE-2024-0815 HIGH
Paddlepaddle <2.6.0 - Command Injection
CVSS 8.8
CVE-2024-20335 MEDIUM
Cisco Small Business - Command Injection
CVSS 6.5
CVE-2024-20328 MEDIUM
ClamAV 1.0.0-1.0.5 - OS Command Injection via VirusEvent File Name Handling
CVSS 5.3
CVE-2024-1624 CRITICAL
3DEXPERIENCE <R2024x - Command Injection
CVSS 9.4
CVE-2024-27516 CRITICAL
livehelperchat < 4.34 - Server-Side Template Injection via FAQ Search Parameter
CVSS 9.8