CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Description
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76
CVEs mapped to this weakness (1,552)
page 2 of 78| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6367 | Hig | 0.68 | 7.8 | 0.23 | KEV | Aug 18, 2016 | Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA. | |
| CVE-2026-42271 | Hig | 0.67 | 8.8 | 0.75 | KEV | May 8, 2026 | LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a… | |
| CVE-2016-10329 | Cri | 0.67 | 9.8 | 0.40 | May 12, 2017 | Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header. | ||
| CVE-2016-9684 | Cri | 0.67 | 9.8 | 0.07 | Feb 22, 2017 | The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL… | ||
| CVE-2010-4345 | Hig | 0.67 | 7.8 | 0.18 | KEV | Dec 14, 2010 | Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive. | |
| CVE-2017-15889 | Hig | 0.66 | 8.8 | 0.72 | Dec 4, 2017 | Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field. | ||
| CVE-2026-23652 | Cri | 0.65 | 10.0 | 0.01 | May 22, 2026 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network. | ||
| CVE-2025-0868 | — | Cri | 0.65 | — | 0.15 | Feb 20, 2025 | A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.. This issue affects DocsGPT: from… | |
| CVE-2024-20418 | Cri | 0.65 | 10.0 | 0.03 | Nov 6, 2024 | A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the… | ||
| CVE-2024-29895 | Cri | 0.65 | 10.0 | 0.94 | May 14, 2024 | Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php`… | ||
| CVE-2024-3566 | Cri | 0.65 | 9.8 | 0.07 | Apr 10, 2024 | A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. | ||
| CVE-2022-45063 | Cri | 0.65 | 9.8 | 0.05 | Nov 10, 2022 | xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions. | ||
| CVE-2014-1203 | Cri | 0.65 | 9.8 | 0.16 | Oct 24, 2017 | The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php. | ||
| CVE-2017-11391 | Hig | 0.65 | 8.8 | 0.62 | Aug 3, 2017 | Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly… | ||
| CVE-2017-2349 | Cri | 0.65 | 9.9 | 0.02 | Jul 17, 2017 | A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to… | ||
| CVE-2017-7876 | Cri | 0.65 | 10.0 | 0.03 | Jun 15, 2017 | This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions. | ||
| CVE-2016-10107 | Cri | 0.65 | 9.8 | 0.11 | Jan 3, 2017 | Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header. | ||
| CVE-2016-5640 | Cri | 0.65 | 9.8 | 0.18 | Aug 3, 2016 | Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter. | ||
| CVE-2016-2056 | Hig | 0.65 | 8.8 | 0.55 | Apr 13, 2016 | xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c. | ||
| CVE-2016-2396 | Cri | 0.65 | 9.9 | 0.05 | Feb 17, 2016 | The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. |
- risk 0.68cvss 7.8epss 0.23
Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA.
- risk 0.67cvss 8.8epss 0.75
LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a…
- risk 0.67cvss 9.8epss 0.40
Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.
- risk 0.67cvss 9.8epss 0.07
The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for processing SSL…
- risk 0.67cvss 7.8epss 0.18
Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands, as demonstrated by the spool_directory directive.
- risk 0.66cvss 8.8epss 0.72
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field.
- risk 0.65cvss 10.0epss 0.01
Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.
- risk 0.65cvss —epss 0.15
A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of JSON data using eval() an unauthorized attacker could send arbitrary Python code to be executed via /api/remote endpoint.. This issue affects DocsGPT: from…
- risk 0.65cvss 10.0epss 0.03
A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the…
- risk 0.65cvss 10.0epss 0.94
Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when `register_argc_argv` option of PHP is `On`. In `cmd_realtime.php`…
- risk 0.65cvss 9.8epss 0.07
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
- risk 0.65cvss 9.8epss 0.05
xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.
- risk 0.65cvss 9.8epss 0.16
The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php.
- risk 0.65cvss 8.8epss 0.62
Proxy command injection vulnerability in Trend Micro InterScan Messaging Virtual Appliance 9.0 and 9.1 allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the "t" parameter within modTMCSS Proxy. Formerly…
- risk 0.65cvss 9.9epss 0.02
A command injection vulnerability in the IDP feature of Juniper Networks Junos OS on SRX series devices potentially allows a user with login access to the device to execute shell commands and elevate privileges. Affected releases are Juniper Networks Junos OS 12.1X44 prior to…
- risk 0.65cvss 10.0epss 0.03
This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. QNAP have already fixed the issue in QTS 4.2.6 build 20170517, QTS 4.3.3.0174 build 20170503 and later versions.
- risk 0.65cvss 9.8epss 0.11
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.
- risk 0.65cvss 9.8epss 0.18
Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to execute arbitrary commands via a .. (dot dot) in the ATE_COMMAND parameter.
- risk 0.65cvss 8.8epss 0.55
xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the adduser_name argument in (1) web/useradm.c or (2) web/chpasswd.c.
- risk 0.65cvss 9.9epss 0.05
The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.