CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')) — Vulnerability Class 1153

1153 vulnerabilities classified as CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-7922 | D-Link DNS-1550-04 myMusic.cgi cgi_write_playlist command injection — DNS-120 | 6.3 | Medium | 2024-08-19 |
| CVE-2024-7907 | TOTOLINK X6000R cstecgi.cgi setSyslogCfg command injection — X6000R | 6.3 | Medium | 2024-08-18 |
| CVE-2024-7897 | Tosei Online Store Management System ネット店舗管理システム tosei_kikai.php command injection — Online Store Management System ネット店舗管理システム | 6.3 | Medium | 2024-08-17 |
| CVE-2024-7896 | Tosei Online Store Management System ネット店舗管理システム p1_ftpserver.php command injection — Online Store Management System ネット店舗管理システム | 6.3 | Medium | 2024-08-17 |
| CVE-2024-7833 | D-Link DI-8100 upgrade_filter.asp upgrade_filter_asp command injection — DI-8100 | 6.3 | Medium | 2024-08-15 |
| CVE-2024-42360 | Command Injection in sequenceserver — sequenceserver | 9.8 | Critical | 2024-08-14 |
| CVE-2024-5914 | Cortex XSOAR: Command Injection in CommonScripts Pack — Cortex XSOAR CommonScripts | 9.8 (AI) | Critical (AI) | 2024-08-14 |
| CVE-2024-7715 | D-Link DNS-1550-04 photocenter_mgr.cgi sprintf command injection — DNS-120 | 6.3 | Medium | 2024-08-13 |
| CVE-2024-7700 | Foreman: command injection in "host init config" template via "install packages" field on foreman | 6.5 | Medium | 2024-08-12 |
| CVE-2024-21879 | URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway v4.x to v8.x and < v8.2.4225 — Envoy | 8.8 (AI) | High (AI) | 2024-08-10 |
| CVE-2024-21878 | Command Injection through Unsafe File Name Evaluation in internal script in Enphase IQ Gateway v4.x to and including 8.x — Envoy | 8.8 (AI) | High (AI) | 2024-08-10 |
| CVE-2024-21880 | URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway version 4.x <= 7.x — Envoy | 8.8 (AI) | High (AI) | 2024-08-10 |
| CVE-2024-22122 | AT(GSM) Command Injection — Zabbix | 3.0 | Low | 2024-08-09 |
| CVE-2024-7616 | Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection — IC-6220DC | 5.5 | Medium | 2024-08-08 |
| CVE-2024-37023 | Vonets WiFi Bridges Command Injection — VAR1200-H | 9.1 | Critical | 2024-08-08 |
| CVE-2024-7397 | Unauthenticated Command Injection — JetPort 5601v3 | 9.8 (AI) | Critical (AI) | 2024-08-05 |
| CVE-2024-7464 | TOTOLINK CP900 Telnet Service setTelnetCfg command injection — CP900 | 6.3 | Medium | 2024-08-05 |
| CVE-2024-7443 | Vivotek IB8367A upload_file.cgi getenv command injection — IB8367A | 6.3 | Medium | 2024-08-03 |
| CVE-2024-7442 | Vivotek SD9364 upload_file.cgi getenv command injection — SD9364 | 6.3 | Medium | 2024-08-03 |
| CVE-2024-7440 | Vivotek CC8160 upload_file.cgi getenv command injection — CC8160 | 6.3 | Medium | 2024-08-03 |
| CVE-2024-7436 | D-Link DI-8100 msp_info.htm msp_info_htm command injection — DI-8100 | 6.3 | Medium | 2024-08-03 |
| CVE-2024-42348 | FOG leaks sensitive information (AD domain, username and password) — fogproject | 9.3 | Critical | 2024-08-02 |
| CVE-2024-7029 | Command Injection in AVTech AVM1203 (IP Camera) — AVM1203 (IP Camera) | 8.8 | High | 2024-08-02 |
| CVE-2024-7215 | TOTOLINK LR1200 cstecgi.cgi NTPSyncWithHost command injection — LR1200 | 6.3 | Medium | 2024-07-30 |
| CVE-2024-7214 | TOTOLINK LR350 cstecgi.cgi setWanCfg command injection — LR350 | 6.3 | Medium | 2024-07-30 |
| CVE-2024-7181 | TOTOLINK A3600R cstecgi.cgi setTelnetCfg command injection — A3600R | 6.3 | Medium | 2024-07-29 |
| CVE-2024-7160 | TOTOLINK A3700R cstecgi.cgi setWanCfg command injection — A3700R | 6.3 | Medium | 2024-07-28 |
| CVE-2024-7158 | TOTOLINK A3100R HTTP POST Request cstecgi.cgi setTelnetCfg command injection — A3100R | 6.3 | Medium | 2024-07-28 |
| CVE-2024-41815 | Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands — starship | 7.4 | High | 2024-07-26 |
| CVE-2024-29737 | Apache StreamPark (incubating): maven build params could trigger remote command execution — Apache StreamPark (incubating) | 8.8 (AI) | High (AI) | 2024-07-17 |

Vulnerabilities classified as CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')) represent 1153 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.