CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
ClassDraftLikelihood: High
Description
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76
CVEs mapped to this weakness (789)
page 1 of 40| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-1555 | Cri | 0.86 | 9.8 | 0.94 | KEV | Apr 21, 2017 | (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands. |
| CVE-2012-1823 | Cri | 0.86 | 9.8 | 0.94 | KEV | May 11, 2012 | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. |
| CVE-2007-3010 | Cri | 0.86 | 9.8 | 0.94 | KEV | Sep 18, 2007 | masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action. |
| CVE-2005-2773 | Cri | 0.86 | 9.8 | 0.90 | KEV | Sep 2, 2005 | HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl. |
| CVE-2015-2051 | Hig | 0.80 | 8.8 | 0.93 | KEV | Feb 23, 2015 | The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. |
| CVE-2017-6327 | Hig | 0.78 | 8.8 | 0.77 | KEV | Aug 11, 2017 | The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges. |
| CVE-2014-5470 | Cri | 0.73 | 9.8 | 0.78 | Jun 21, 2024 | Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation. | |
| CVE-2024-48841 | Cri | 0.68 | 10.0 | 0.04 | Jan 27, 2025 | Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older. | |
| CVE-2016-6367 | Hig | 0.67 | 7.8 | 0.19 | KEV | Aug 18, 2016 | Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA. |
| CVE-2010-4345 | Hig | 0.66 | 7.8 | 0.07 | KEV | Dec 14, 2010 | Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive. |
| CVE-2024-20418 | Cri | 0.65 | 10.0 | 0.03 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system. This vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device. | |
| CVE-2024-29895 | Cri | 0.65 | 10.0 | 0.93 | May 14, 2024 | Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php` line 119, the `$poller_id` used as part of the command execution is sourced from `$_SERVER['argv']`, which can be controlled by URL when `register_argc_argv` option of PHP is `On`. And this option is `On` by default in many environments such as the main PHP Docker image for PHP. Commit 53e8014d1f082034e0646edc6286cde3800c683d contains a patch for the issue, but this commit was reverted in commit 99633903cad0de5ace636249de16f77e57a3c8fc. | |
| CVE-2022-45063 | Cri | 0.65 | 9.8 | 0.18 | Nov 10, 2022 | xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions. | |
| CVE-2026-7823 | Cri | 0.64 | 9.8 | 0.01 | May 5, 2026 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. | |
| CVE-2026-7538 | Cri | 0.64 | 9.8 | 0.01 | May 1, 2026 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | |
| CVE-2026-26015 | Cri | 0.64 | 9.8 | 0.00 | Apr 29, 2026 | DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a malicious payload bypassing the "MCP test" behavior to achieve arbitrary remote code execution (RCE). This issue has been patched in version 0.16.0. | |
| CVE-2026-36841 | Cri | 0.64 | 9.8 | 0.00 | Apr 29, 2026 | TOTOLINK N200RE V5 was discovered to contain a command injection vulnerability via the macstr and bandstr parameters in the formMapDelDevice function. | |
| CVE-2026-7244 | Cri | 0.64 | 9.8 | 0.01 | Apr 28, 2026 | A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument merge results in os command injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. | |
| CVE-2026-7243 | Cri | 0.64 | 9.8 | 0.01 | Apr 28, 2026 | A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument maxRtrAdvInterval leads to os command injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | |
| CVE-2026-7242 | Cri | 0.64 | 9.8 | 0.01 | Apr 28, 2026 | A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enabled can lead to os command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. |