CWE-78

High likelihood

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

5,978 vulnerabilities with CWE-78
CVE-2023-53948 CRITICAL
Lilac-Reloaded for Nagios 2.0.8 - RCE
CVSS 9.8
CVE-2023-53945 HIGH
BrainyCP 1.0 - Authenticated Remote Code Execution via Crontab Configuration Injection
CVSS 8.8
CVE-2023-53941 CRITICAL
EasyPHP Webserver 14.1 - Command Injection
CVSS 9.8
CVE-2023-53872 CRITICAL
Wp2Fac 1.0 - OS Command Injection via send.php numara Parameter
CVE-2023-7311 CRITICAL
BYTEVALUE Intelligent Flow Control Router - Command Injection
CVE-2023-7304 CRITICAL
Ruijie RG-UAC Application Management Gateway - Command Injection
CVE-2023-53158 MEDIUM
gix-transport < 0.36.1 - OS Command Injection via SSH URL ProxyCommand Parameter
CVSS 4.1
CVE-2023-28906 HIGH
Volkswagen MIB3 infotainment system MIB3 OI MQB <0304 - Authenticated OS Command Injection
CVSS 7.8
CVE-2023-34873 HIGH
MOBOTIX P3 <MX-V4.7.2.18 & Mx6 <MX-V5.2.0.61 - Authenticated RCE
CVE-2023-37032 HIGH
Magma <= 1.8.0 - Unauthenticated Denial of Service via Oversized Emergency Number List NAS Packet
CVSS 7.5
CVE-2023-37937 HIGH
FortiSwitch 6.0.0-6.2.7, 6.4.0-6.4.13, 7.0.0-7.0.7, 7.2.0-7.2.5, 7.4.0 - OS Command Injection via CLI
CVSS 7.8
CVE-2023-23356 MEDIUM
QuFirewall < 2.3.3 - Authenticated OS Command Injection
CVSS 5.5
CVE-2023-24467 HIGH
OpenText iManager <3.2.6.0000 - Command Injection
CVSS 8.8
CVE-2023-20036 CRITICAL
Cisco Industrial Network Director < 1.11.3 - Authenticated OS Command Injection via Device Pack Upload
CVSS 9.9
CVE-2023-29120 CRITICAL
Waybox Pro Firmware < 2.1.1.0_jb3vu096a - OS Command Injection
CVSS 9.6
CVE-2023-47105 HIGH
chaosblade 0.3-1.7.3 - Unauthenticated OS Command Injection via cmd Parameter
CVSS 8.6
CVE-2023-47563 HIGH
QNAP Video Station 5.0.0-5.8.1 - Authenticated OS Command Injection
CVSS 7.4
CVE-2023-39300 HIGH
QTS < 4.3.6.2805 - Authenticated OS Command Injection
CVSS 7.2
CVE-2023-34979 MEDIUM
QNAP QTS and QuTS hero - Authenticated OS Command Injection
CVSS 6.6
CVE-2023-34974 HIGH
QNAP QTS and QuTS hero - OS Command Injection
CVSS 8.8
CVE-2023-26315 MEDIUM
Xiaomi router AX9000 - Command Injection
CVSS 6.5
CVE-2023-50383 HIGH
Realtek rtl819x Jungle SDK 3.4.11 - OS Command Injection via boa formWsc localPin Parameter
CVSS 7.2
CVE-2023-50382 HIGH
Realtek rtl819x Jungle SDK 3.4.11 - OS Command Injection via boa formWsc peerPin Parameter
CVSS 7.2
CVE-2023-50381 HIGH
Realtek rtl819x Jungle SDK 3.4.11 - OS Command Injection via targetAPSsid Parameter
CVSS 7.2
CVE-2023-47802 HIGH
Synology BC500 and TC500 Firmware < 1.0.7-0298 - Authenticated OS Command Injection in IP Block Functionality
CVSS 7.2