CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Description
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76
CVEs mapped to this weakness (1,552)
Page 11 of 78

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-4918 | | Cri | 0.64 | 9.8 | 0.05 | | Jun 8, 2017 | VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client… |
| CVE-2017-7689 | | Cri | 0.64 | 9.8 | 0.06 | | Apr 11, 2017 | A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0. |
| CVE-2016-5065 | | Cri | 0.64 | 9.8 | 0.03 | | Apr 10, 2017 | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command injection. |
| CVE-2016-10312 | | Cri | 0.64 | 9.8 | 0.03 | | Apr 3, 2017 | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to execute arbitrary commands via shell metacharacters to certain /goform/* pages. |
| CVE-2014-5008 | | Cri | 0.64 | 9.8 | 0.04 | | Mar 31, 2017 | Snoopy allows remote attackers to execute arbitrary commands. |
| CVE-2008-7313 | | Cri | 0.64 | 9.8 | 0.05 | | Mar 31, 2017 | The _httpsrequest function in Snoopy allows remote attackers to execute arbitrary commands. NOTE: this issue exists due to an incomplete fix for CVE-2008-4796. |
| CVE-2016-10194 | | Cri | 0.64 | 9.8 | 0.03 | | Mar 3, 2017 | The festivaltts4r gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a string to the (1) to_speech or (2) to_mp3 method in lib/festivaltts4r/festival4r.rb. |
| CVE-2016-10098 | | Cri | 0.64 | 9.8 | 0.03 | | Feb 5, 2017 | An issue was discovered on SendQuick Entera and Avera devices before 2HF16. Multiple Command Injection vulnerabilities allow attackers to execute arbitrary system commands. |
| CVE-2016-10182 | | Cri | 0.64 | 9.8 | 0.09 | | Jan 30, 2017 | An issue was discovered on the D-Link DWR-932B router. qmiweb allows command injection with ` characters. |
| CVE-2016-7399 | | Cri | 0.64 | 9.8 | 0.05 | | Jan 4, 2017 | scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, 2.7.x through 2.7.3, and 3.0.x allow remote attackers to execute arbitrary commands via shell metacharacters in the hostName parameter to appliancews/getLicense. |
| CVE-2016-1000156 | | Cri | 0.64 | 9.8 | 0.03 | | Dec 14, 2016 | Mailcwp remote file upload vulnerability, incomplete fix in v1.100 |
| CVE-2016-9835 | | Cri | 0.64 | 9.8 | 0.04 | | Dec 5, 2016 | Directory traversal vulnerability in file "jcss.php" in Zikula 1.3.x before 1.3.11 and 1.4.x before 1.4.4 on Windows allows a remote attacker to launch a PHP object injection by uploading a serialized file. |
| CVE-2016-1388 | | Cri | 0.64 | 9.8 | 0.02 | | Jun 3, 2016 | Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(1) allow remote attackers to execute arbitrary OS commands via a crafted HTTP… |
| CVE-2015-0857 | | Cri | 0.64 | 9.8 | 0.05 | | May 6, 2016 | Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. |
| CVE-2016-2002 | | Cri | 0.64 | 9.8 | 0.03 | | Apr 20, 2016 | The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417. |
| CVE-2016-2397 | | Cri | 0.64 | 9.8 | 0.06 | | Feb 17, 2016 | The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. |
| CVE-2017-11392 | | Hig | 0.63 | 8.8 | 0.34 | | Aug 3, 2017 | Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "T" parameter within modTMCSS Proxy. Formerly… |
| CVE-2016-3081 | | Hig | 0.63 | 8.1 | 0.94 | | Apr 26, 2016 | Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via method: prefix, related to chained expressions. |
| CVE-2026-8037 | | Cri | 0.62 | 9.6 | 0.02 | | Jun 4, 2026 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an unauthenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints. |
| CVE-2026-35428 | | Cri | 0.62 | 9.6 | 0.01 | | May 7, 2026 | Improper neutralization of special elements used in a command ('command injection') in Azure Cloud Shell allows an unauthorized attacker to perform spoofing over a network. |