CWE-78
5,884 CVEs • Abstraction: Base • Likelihood of Exploit: High
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVEs (5,884)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, whi...Show more |
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this mi...Show more |
6Bsdi CalderaIsc+3 more7Bsd Os Goah IntrasvGoah Networksv+4 moreApr 16, 2026 Dec 4, 1996 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others. |
phf CGI program allows remote command execution through shell metacharacters. |