CWE-78 is a vulnerability that allows attackers to execute arbitrary OS commands on a target system. Learn more about this weakness and its history.

CWE-635: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-714: Weaknesses in OWASP Top Ten (2007)

CWE-727: Vulnerabilities related to OWASP Top Ten 2004 Category

CWE-741: CERT C Secure Coding Standard's Characters and Strings Weaknesses

CWE-744: Vulnerabilities in CERT C Secure Coding Standard (2008) Environment Regulations

CWE-751: Insecure Interaction Between Components

CWE-801: Insecure Interaction Between Components

CWE-810: Interconnected Vulnerabilities with OWASP Top Ten 2010

CWE-845: Input Validation and Data Sanitization Weaknesses

CWE-864: Insecure Interaction Between Components

CWE-875: Characters and Strings Weaknesses

CWE-878: Weaknesses Addressed by SEI CERT C++ Coding Standard

CWE-884: Multitude of Weaknesses with Broad Impacts

CWE-929: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-990: Detection of Tainted Input to Command Cluster

CWE-1027: Associated Weaknesses in OWASP Top Ten 2017

CWE-1131: Software Security Decrease with CISQ Quality Measures

CWE-1134: Input Validation and Data Sanitization Weaknesses

CWE-1165: Deficiencies in Environment Guidelines of SEI CERT C Coding Standard

CWE-1200: Understanding CWE 1200: Overview of Dangerous Software Errors

CWE-1337: The 2021 CWE Top 25 Most Dangerous Software Weaknesses

CWE-1347: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-1350: 2020 CWE Top 25 Most Dangerous Software Weaknesses

CWE-1387: Hierarchical Connections Between Software Weaknesses

CWE-1409: Injection Vulnerabilities in Software Assurance Trends

CWE-1425: CWE Top 25 Most Dangerous Software Weaknesses

Explore the details of CWE-78, a vulnerability enabling malicious actors to run unauthorized OS commands. Discover the evolution of this weakness over time.

CWE-78: OS Command Injection Vulnerability Overview

CWE-78: OS Command Injection

CWE-78: OS Command Injection

Is your System Free of Underlying Vulnerabilities? Find Out Now

Is your System Free of Underlying Vulnerabilities?
Find Out Now