CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')) — Vulnerability Class 1157

1157 vulnerabilities classified as CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-7160 | TOTOLINK A3700R cstecgi.cgi setWanCfg command injection — A3700R | 6.3 | Medium | 2024-07-28 |
| CVE-2024-7158 | TOTOLINK A3100R HTTP POST Request cstecgi.cgi setTelnetCfg command injection — A3100R | 6.3 | Medium | 2024-07-28 |
| CVE-2024-41815 | Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands — starship | 7.4 | High | 2024-07-26 |
| CVE-2024-29737 | Apache StreamPark (incubating): maven build params could trigger remote command execution — Apache StreamPark (incubating) | 8.8 (AI) | High (AI) | 2024-07-17 |
| CVE-2023-52291 | Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution — Apache StreamPark (incubating) | 8.8 (AI) | High (AI) | 2024-07-17 |
| CVE-2024-39914 | FOG has a command injection in /fog/management/export.php?filename= — fogproject | 9.8 | Critical | 2024-07-12 |
| CVE-2024-39571 | Siemens SINEMA Remote Connect Server security vulnerability — SINEMA Remote Connect Server | 8.8 | High | 2024-07-09 |
| CVE-2024-39570 | Siemens SINEMA Remote Connect Server command injection vulnerability — SINEMA Remote Connect Server | 8.8 | High | 2024-07-09 |
| CVE-2024-39569 | Siemens SINEMA Remote Connect Client command injection vulnerability — SINEMA Remote Connect Client | 6.6 | Medium | 2024-07-09 |
| CVE-2024-39568 | Siemens SINEMA Remote Connect command injection vulnerability — SINEMA Remote Connect Client | 7.8 | High | 2024-07-09 |
| CVE-2024-39567 | Siemens SINEMA Remote Connect command injection vulnerability — SINEMA Remote Connect Client | 7.8 | High | 2024-07-09 |
| CVE-2024-4944 | Mobile VPN with SSL Local Privilege Escalation Vulnerability — Mobile VPN with SSL Client | 7.8 | High | 2024-07-09 |
| CVE-2024-36983 | Command Injection using External Lookups — Splunk Enterprise | 8.0 | High | 2024-07-01 |
| CVE-2024-4578 | Privilege escalation in Arista Wireless Access Points — Arista Wireless Access Points | 8.4 | High | 2024-06-27 |
| CVE-2024-39373 | Improper Neutralization of Special Elements used in a Command in TELSAT marKoni FM Transmitter — Markoni-D (Compact) FM Transmitters | 9.8 (AI) | Critical (AI) | 2024-06-27 |
| CVE-2024-4884 | WhatsUp Gold CommunityController Unrestricted File Upload Remote Code Execution Vulnerability — WhatsUp Gold | 9.8 | Critical | 2024-06-25 |
| CVE-2024-4883 | WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability — WhatsUp Gold | 9.8 | Critical | 2024-06-25 |
| CVE-2024-6257 | HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation — Shared library | 8.4 | High | 2024-06-25 |
| CVE-2024-4639 | OnCell G3470A-LTE Series: Authenticated Command Injection via webDelIPSec — OnCell G3150A-LTE Series | 7.1 | High | 2024-06-25 |
| CVE-2024-4638 | OnCell G3470A-LTE Series: Authenticated Command Injection via webUploadKey — OnCell G3470A-LTE Series | 7.1 | High | 2024-06-25 |
| CVE-2024-37091 | WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Remote Code Execution (RCE) vulnerability — Consulting Elementor Widgets | 9.9 | Critical | 2024-06-24 |
| CVE-2024-24551 | Bludit - Remote Code Execution (RCE) through Image API — Bludit | 8.8 (AI) | High (AI) | 2024-06-24 |
| CVE-2024-24550 | Bludit - Remote Code Execution (RCE) through File API — Bludit | 9.8 (AI) | Critical (AI) | 2024-06-24 |
| CVE-2024-6269 | Ruijie RG-UAC HTTP POST Request sxh_vpnlic.php get_ip.addr_details command injection — RG-UAC | 4.7 | Medium | 2024-06-23 |
| CVE-2024-35242 | Composer vulnerable to command injection via malicious git/hg branch names — composer | 8.8 | High | 2024-06-10 |
| CVE-2024-35241 | Composer vulnerable to command injection via malicious git branch name — composer | 8.8 | High | 2024-06-10 |
| CVE-2024-34792 | WordPress Dextaz Ping plugin <= 0.65 - Remote Code Execution (RCE) vulnerability — Dextaz Ping | 9.1 | Critical | 2024-06-04 |
| CVE-2024-5035 | TP-Link Archer C5400X - RFTest Unauthenticated Command Injection — Archer C4500X | 9.8 (AI) | Critical (AI) | 2024-05-27 |
| CVE-2024-5355 | anji-plus AJ-Report IGroovyHandler command injection — AJ-Report | 6.3 | Medium | 2024-05-26 |
| CVE-2024-4267 | Remote Code Execution in parisneo/lollms-webui — parisneo/lollms-webui | 9.8 (AI) | Critical (AI) | 2024-05-22 |

Vulnerabilities classified as CWE-77 (Improper Neutralization of Special Elements used in a Command ('Command Injection')) represent 1157 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.