CWE-77— Command Injection
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.— MITRE CWE catalog
3,881 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-77page 32 of 78
- CVE-2023-22657HIGHCVSS 7.0EG 7.82023-02-01
On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Sup…
- CVE-2023-22659HIGHCVSS 7.2EG 7.22023-07-06
An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially-crafted network packets can lead to command execution. An attacker can send a sequence of requests to t…
- CVE-2023-22671CRITICALCVSS 9.8EG 9.82023-01-06
Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input.
- CVE-2023-22747CRITICALCVSS 9.8EG 9.82023-03-01
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Succ…
- CVE-2023-22748CRITICALCVSS 9.8EG 9.82023-03-01
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Suc…
- CVE-2023-22749CRITICALCVSS 9.8EG 9.82023-03-01
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Suc…
- CVE-2023-22750CRITICALCVSS 9.8EG 9.82023-03-01
There are multiple command injection vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Suc…
- CVE-2023-22758HIGHCVSS 7.2EG 7.22023-03-01
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the un…
- CVE-2023-22759HIGHCVSS 7.2EG 7.22023-03-01
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the un…
- CVE-2023-22760HIGHCVSS 7.2EG 7.22023-03-01
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the un…
- CVE-2023-22761HIGHCVSS 7.2EG 7.22023-03-01
Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the un…
- CVE-2023-22762HIGHCVSS 7.2EG 7.22023-03-01
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operat…
- CVE-2023-22763HIGHCVSS 7.2EG 7.22023-03-01
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operat…
- CVE-2023-22764HIGHCVSS 7.2EG 7.22023-03-01
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operat…
- CVE-2023-22765HIGHCVSS 7.2EG 7.22023-03-01
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operat…
- CVE-2023-22766HIGHCVSS 7.2EG 7.22023-03-01
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operat…
- CVE-2023-22767HIGHCVSS 7.2EG 7.22023-03-01
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operat…
- CVE-2023-22768HIGHCVSS 7.2EG 7.22023-03-01
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operat…
- CVE-2023-22769HIGHCVSS 7.2EG 7.22023-03-01
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operat…
- CVE-2023-22770HIGHCVSS 7.2EG 7.22023-03-01
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operat…
- CVE-2023-22788HIGHCVSS 7.2EG 7.22023-05-08
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a priv…
- CVE-2023-22789HIGHCVSS 7.2EG 7.22023-05-08
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a priv…
- CVE-2023-22790HIGHCVSS 7.2EG 7.22023-05-08
Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a priv…
- CVE-2023-22815MEDIUMCVSS 6.2EG 6.02023-06-30
Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploi…
- CVE-2023-22816MEDIUMCVSS 6.0EG 6.02023-06-30
A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 de…
- CVE-2023-22884CRITICALCVSS 9.8EG 9.82023-01-21
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: bef…
- CVE-2023-22913HIGHCVSS 8.1EG 8.12023-04-24
A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remot…
- CVE-2023-22935HIGHCVSS 8.1EG 8.82023-02-14
In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘display.page.search.patterns.sensitivity’ search parameter lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user …
- CVE-2023-23080CRITICALCVSS 9.8EG 9.82023-02-27
Certain Tenda products are vulnerable to command injection. This affects Tenda CP7 Tenda CP7<=V11.10.00.2211041403 and Tenda CP3 v.10 Tenda CP3 v.10<=V20220906024_2025 and Tenda IT7-PCS Tenda IT7-PCS<=V2209020914 and Tenda IT7-LCS Tenda IT…
- CVE-2023-23149CRITICALCVSS 9.8EG 9.82023-03-24
DEK-1705 <=Firmware:34.23.1 device was discovered to have a command execution vulnerability.
- CVE-2023-23294HIGHCVSS 8.8EG 8.82023-02-23
Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. An attacker can modify the file_name parameter to execute commands as root.
- CVE-2023-23295HIGHCVSS 8.8EG 8.82023-02-23
Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker an modify the sysCmd parameter in order to execute commands as root.
- CVE-2023-23333CRITICALCVSS 9.8EG 9.82023-02-06
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.
- CVE-2023-23355MEDIUMCVSS 6.6EG 8.82023-03-29
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected.…
- CVE-2023-23356MEDIUMCVSS 5.5EG 5.52024-12-19
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have…
- CVE-2023-23369CRITICALCVSS 9.0EG 9.02023-11-03
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the …
- CVE-2023-23550HIGHCVSS 7.2EG 7.22023-07-06
An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trig…
- CVE-2023-23564HIGHCVSS 8.8EG 8.82023-08-22
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands.
- CVE-2023-2373HIGHCVSS 8.8EG 6.32023-04-28
A vulnerability was identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This vulnerability affects unknown code of the component Web Management Interface. Such manipulation of the argument ecn-up leads to command injection. The attac…
- CVE-2023-2374HIGHCVSS 8.8EG 6.32023-04-28
A security flaw has been discovered in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This issue affects some unknown processing of the component Web Management Interface. Performing a manipulation of the argument ecn-down results in command …
- CVE-2023-2375HIGHCVSS 8.8EG 6.32023-04-28
A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Impacted is an unknown function of the component Web Management Interface. Executing a manipulation of the argument src can lead to command injection. It is poss…
- CVE-2023-2376HIGHCVSS 8.8EG 6.32023-04-28
A security vulnerability has been detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. The affected element is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injectio…
- CVE-2023-2377HIGHCVSS 8.8EG 6.32023-04-28
A vulnerability was detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. The impacted element is an unknown function of the component Web Management Interface. The manipulation of the argument Name results in command injection. The atta…
- CVE-2023-2378HIGHCVSS 8.8EG 6.32023-04-28
A flaw has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown function of the component Web Management Interface. This manipulation of the argument suffix-rate-up causes command injection. The attack may be i…
- CVE-2023-23917HIGHCVSS 8.8EG 8.82023-02-23
A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin account. Any user can create their own server in your cloud and become an admin so this vulnerability could affec…
- CVE-2023-23952CRITICALCVSS 9.8EG 9.82023-06-01
Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability.
- CVE-2023-24032HIGHCVSS 7.8EG 7.82023-06-15
In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).
- CVE-2023-24046MEDIUMCVSS 6.8EG 6.82023-12-04
An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility.
- CVE-2023-24135HIGHCVSS 7.8EG 7.82024-01-22
Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a command injection vulnerability in the function formWriteFacMac. This vulnerability allows attackers to execute arbitrary commands via manipulation of the mac p…
- CVE-2023-24138CRITICALCVSS 9.8EG 9.82023-02-03
TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function.
Map vulnerabilities like CWE-77 to your infrastructure
EchelonGraph correlates every CVE — across CWE-77 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →