VYPR

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

ClassDraftLikelihood: High

Description

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76

CVEs mapped to this weakness (1,552)

page 1 of 78
  • CVE-2016-1555CriKEVApr 21, 2017
    risk 0.87cvss 9.8epss 0.98

    (1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) boardDataNA.php, and (5) boardDataWW.php in Netgear WN604 before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 before 3.5.5.0 allow remote attackers to execute arbitrary commands.

  • CVE-2012-1823CriKEVMay 11, 2012
    risk 0.87cvss 9.8epss 1.00

    sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options…

  • CVE-2007-3010CriKEVSep 18, 2007
    risk 0.86cvss 9.8epss 0.97

    masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.

  • CVE-2005-2773CriKEVSep 2, 2005
    risk 0.85cvss 9.8epss 0.74

    HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.

  • CVE-2016-10033CriKEVDec 30, 2016
    risk 0.80cvss 9.8epss 1.00

    The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

  • CVE-2015-2051HigKEVFeb 23, 2015
    risk 0.80cvss 8.8epss 0.97

    The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.

  • CVE-2017-6327HigKEVAug 11, 2017
    risk 0.75cvss 8.8epss 0.35

    The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after…

  • CVE-2016-10108CriJan 3, 2017
    risk 0.74cvss 9.8epss 0.95

    Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.

  • CVE-2014-5470CriJun 21, 2024
    risk 0.73cvss 9.8epss 0.10

    Actual Analyzer through 2014-08-29 allows code execution via shell metacharacters because untrusted input is used for part of the input data passed to an eval operation.

  • CVE-2015-2857CriAug 22, 2017
    risk 0.73cvss 9.8epss 0.84

    Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter.

  • CVE-2016-10074CriDec 30, 2016
    risk 0.70cvss 9.8epss 0.42

    The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From,…

  • CVE-2016-10034CriDec 30, 2016
    risk 0.70cvss 9.8epss 0.38

    The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a…

  • CVE-2024-48841CriJan 27, 2025
    risk 0.69cvss 10.0epss 0.04

    Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older.

  • CVE-2017-7722CriApr 12, 2017
    risk 0.69cvss 10.0epss 0.13

    In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the menuing script, an attacker…

  • CVE-2016-9682CriFeb 22, 2017
    risk 0.69cvss 9.8epss 0.23

    The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component responsible for emailing out…

  • CVE-2015-6024CriFeb 9, 2017
    risk 0.69cvss 9.8epss 0.26

    ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter.

  • CVE-2018-12465CriJun 29, 2018
    risk 0.68cvss 9.1epss 0.79

    An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway (SMG) allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with…

  • CVE-2013-6924CriOct 11, 2017
    risk 0.68cvss 9.8epss 0.15

    Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.

  • CVE-2016-9683CriFeb 22, 2017
    risk 0.68cvss 9.8epss 0.12

    The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component responsible for…

  • CVE-2016-10045CriDec 30, 2016
    risk 0.68cvss 9.8epss 0.98

    The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail…