Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) — Vulnerability Class 1157

1157 vulnerabilities classified as CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2024-8129 D-Link DNS-1550-04 HTTP POST Request s3.cgi cgi_s3_modify command injection — DNS-120 6.3 Medium2024-08-24
CVE-2024-8128 D-Link DNS-1550-04 HTTP POST Request webfile_mgr.cgi cgi_add_zip command injection — DNS-120 6.3 Medium2024-08-24
CVE-2024-8127 D-Link DNS-1550-04 HTTP POST Request webfile_mgr.cgi cgi_unzip command injection — DNS-120 6.3 Medium2024-08-24
CVE-2024-7110 Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab — GitLab 6.4 Medium2024-08-22
CVE-2024-7922 D-Link DNS-1550-04 myMusic.cgi cgi_write_playlist command injection — DNS-120 6.3 Medium2024-08-19
CVE-2024-7907 TOTOLINK X6000R cstecgi.cgi setSyslogCfg command injection — X6000R 6.3 Medium2024-08-18
CVE-2024-7897 Tosei Online Store Management System ネット店舗管理システム tosei_kikai.php command injection — Online Store Management System ネット店舗管理システム 6.3 Medium2024-08-17
CVE-2024-7896 Tosei Online Store Management System ネット店舗管理システム p1_ftpserver.php command injection — Online Store Management System ネット店舗管理システム 6.3 Medium2024-08-17
CVE-2024-7833 D-Link DI-8100 upgrade_filter.asp upgrade_filter_asp command injection — DI-8100 6.3 Medium2024-08-15
CVE-2024-42360 Command Injection in sequenceserver — sequenceserver 9.8 Critical2024-08-14
CVE-2024-5914 Cortex XSOAR: Command Injection in CommonScripts Pack — Cortex XSOAR CommonScripts 9.8AICriticalAI2024-08-14
CVE-2024-7715 D-Link DNS-1550-04 photocenter_mgr.cgi sprintf command injection — DNS-120 6.3 Medium2024-08-13
CVE-2024-7700 Foreman: command injection in "host init config" template via "install packages" field on foreman 6.5 Medium2024-08-12
CVE-2024-21879 URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway v4.x to v8.x and < v8.2.4225 — Envoy 8.8AIHighAI2024-08-10
CVE-2024-21878 Command Injection through Unsafe File Name Evaluation in internal script in Enphase IQ Gateway v4.x to and including 8.x — Envoy 8.8AIHighAI2024-08-10
CVE-2024-21880 URL parameter manipulations allows an authenticated attacker to execute arbitrary OS commands in Enphase IQ Gateway version 4.x <= 7.x — Envoy 8.8AIHighAI2024-08-10
CVE-2024-22122 AT(GSM) Command Injection — Zabbix 3.0 Low2024-08-09
CVE-2024-7616 Edimax IC-6220DC/IC-5150W ipcam_cgi cgiFormString command injection — IC-6220DC 5.5 Medium2024-08-08
CVE-2024-37023 Vonets WiFi Bridges Command Injection — VAR1200-H 9.1 Critical2024-08-08
CVE-2024-7397 Unauthenticated Command Injection — JetPort 5601v3 9.8AICriticalAI2024-08-05
CVE-2024-7464 TOTOLINK CP900 Telnet Service setTelnetCfg command injection — CP900 6.3 Medium2024-08-05
CVE-2024-7443 Vivotek IB8367A upload_file.cgi getenv command injection — IB8367A 6.3 Medium2024-08-03
CVE-2024-7442 Vivotek SD9364 upload_file.cgi getenv command injection — SD9364 6.3 Medium2024-08-03
CVE-2024-7440 Vivotek CC8160 upload_file.cgi getenv command injection — CC8160 6.3 Medium2024-08-03
CVE-2024-7436 D-Link DI-8100 msp_info.htm msp_info_htm command injection — DI-8100 6.3 Medium2024-08-03
CVE-2024-42348 FOG leaks sensitive information (AD domain, username and password) — fogproject 9.3 Critical2024-08-02
CVE-2024-7029 Command Injection in AVTech AVM1203 (IP Camera) — AVM1203 (IP Camera) 8.8 High2024-08-02
CVE-2024-7215 TOTOLINK LR1200 cstecgi.cgi NTPSyncWithHost command injection — LR1200 6.3 Medium2024-07-30
CVE-2024-7214 TOTOLINK LR350 cstecgi.cgi setWanCfg command injection — LR350 6.3 Medium2024-07-30
CVE-2024-7181 TOTOLINK A3600R cstecgi.cgi setTelnetCfg command injection — A3600R 6.3 Medium2024-07-29

Vulnerabilities classified as CWE-77 (在命令中使用的特殊元素转义处理不恰当(命令注入)) represent 1157 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.