CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Description
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76
CVEs mapped to this weakness (1,552)
page 1 of 78| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1555 | Cri | 0.87 | 9.8 | 0.98 | KEV | Apr 21, 2017 | (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. | |
| CVE-2012-1823 | Cri | 0.87 | 9.8 | 1.00 | KEV | May 11, 2012 | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options… | |
| CVE-2007-3010 | Cri | 0.86 | 9.8 | 0.97 | KEV | Sep 18, 2007 | masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action. | |
| CVE-2005-2773 | Cri | 0.85 | 9.8 | 0.74 | KEV | Sep 2, 2005 | HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl. | |
| CVE-2016-10033 | Cri | 0.80 | 9.8 | 1.00 | KEV | Dec 30, 2016 | The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property. | |
| CVE-2015-2051 | Hig | 0.80 | 8.8 | 0.97 | KEV | Feb 23, 2015 | The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | |
| CVE-2017-6327 | Hig | 0.75 | 8.8 | 0.35 | KEV | Aug 11, 2017 | The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after… | |
| CVE-2016-10108 | Cri | 0.74 | 9.8 | 0.95 | Jan 3, 2017 | Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data. | ||
| CVE-2014-5470 | Cri | 0.73 | 9.8 | 0.10 | Jun 21, 2024 | Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation. | ||
| CVE-2015-2857 | Cri | 0.73 | 9.8 | 0.84 | Aug 22, 2017 | Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter. | ||
| CVE-2016-10074 | Cri | 0.70 | 9.8 | 0.42 | Dec 30, 2016 | The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From,… | ||
| CVE-2016-10034 | Cri | 0.70 | 9.8 | 0.38 | Dec 30, 2016 | The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a… | ||
| CVE-2024-48841 | Cri | 0.69 | 10.0 | 0.04 | Jan 27, 2025 | Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older. | ||
| CVE-2017-7722 | Cri | 0.69 | 10.0 | 0.13 | Apr 12, 2017 | In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker… | ||
| CVE-2016-9682 | Cri | 0.69 | 9.8 | 0.23 | Feb 22, 2017 | The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out… | ||
| CVE-2015-6024 | Cri | 0.69 | 9.8 | 0.26 | Feb 9, 2017 | ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter. | ||
| CVE-2018-12465 | Cri | 0.68 | 9.1 | 0.79 | Jun 29, 2018 | An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with… | ||
| CVE-2013-6924 | Cri | 0.68 | 9.8 | 0.15 | Oct 11, 2017 | Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php. | ||
| CVE-2016-9683 | Cri | 0.68 | 9.8 | 0.12 | Feb 22, 2017 | The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for… | ||
| CVE-2016-10045 | Cri | 0.68 | 9.8 | 0.98 | Dec 30, 2016 | The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail… |
- risk 0.87cvss 9.8epss 0.98
(1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.
- risk 0.87cvss 9.8epss 1.00
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options…
- risk 0.86cvss 9.8epss 0.97
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
- risk 0.85cvss 9.8epss 0.74
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
- risk 0.80cvss 9.8epss 1.00
The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.
- risk 0.80cvss 8.8epss 0.97
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
- risk 0.75cvss 8.8epss 0.35
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after…
- risk 0.74cvss 9.8epss 0.95
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.
- risk 0.73cvss 9.8epss 0.10
Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation.
- risk 0.73cvss 9.8epss 0.84
Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.
- risk 0.70cvss 9.8epss 0.42
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From,…
- risk 0.70cvss 9.8epss 0.38
The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a…
- risk 0.69cvss 10.0epss 0.04
Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older.
- risk 0.69cvss 10.0epss 0.13
In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker…
- risk 0.69cvss 9.8epss 0.23
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out…
- risk 0.69cvss 9.8epss 0.26
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter.
- risk 0.68cvss 9.1epss 0.79
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with…
- risk 0.68cvss 9.8epss 0.15
Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.
- risk 0.68cvss 9.8epss 0.12
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for…
- risk 0.68cvss 9.8epss 0.98
The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail…