CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Description
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-101 · CAPEC-105 · CAPEC-108 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-14 · CAPEC-24 · CAPEC-250 · CAPEC-267 · CAPEC-273 · CAPEC-28 · CAPEC-3 · CAPEC-34 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-51 · CAPEC-52 · CAPEC-53 · CAPEC-6 · CAPEC-64 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-76 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-83 · CAPEC-84 · CAPEC-9
CVEs mapped to this weakness (3,064)
page 146 of 154| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-30506 | — | 0.00 | — | 0.03 | May 27, 2022 | An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. | ||
| CVE-2022-29166 | 0.00 | — | 0.01 | May 5, 2022 | matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc… | |||
| CVE-2022-23064 | 0.00 | — | 0.00 | May 2, 2022 | In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus… | |||
| CVE-2022-25866 | — | 0.00 | — | 0.02 | Apr 25, 2022 | The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that… | ||
| CVE-2022-29078 | — | 0.00 | — | 0.93 | Apr 25, 2022 | The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is… | ||
| CVE-2022-21223 | — | 0.00 | — | 0.01 | Apr 1, 2022 | The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function (when using hg), the url (and/or revision, tag, branch) is passed to the hg clone command in a way that additional flags can be set.… | ||
| CVE-2022-24440 | — | 0.00 | — | 0.01 | Apr 1, 2022 | The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git… | ||
| CVE-2022-21187 | — | 0.00 | — | 0.01 | Mar 14, 2022 | The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the update_repo function (when using hg), the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command… | ||
| CVE-2022-24760 | 0.00 | — | 0.76 | Mar 11, 2022 | Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the… | |||
| CVE-2022-24433 | — | 0.00 | — | 0.01 | Mar 11, 2022 | The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was… | ||
| CVE-2022-21705 | 0.00 | — | 0.70 | Feb 23, 2022 | Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to… | |||
| CVE-2022-25337 | — | 0.00 | — | 0.01 | Feb 18, 2022 | Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames. | ||
| CVE-2022-23616 | 0.00 | — | 0.02 | Feb 9, 2022 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for an unprivileged user to perform a remote code execution by injecting a groovy script in her own profile and by calling the Reset… | |||
| CVE-2022-23614 | 0.00 | — | 0.21 | Feb 4, 2022 | Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to… | |||
| CVE-2022-21724 | — | 0.00 | — | 0.03 | Feb 2, 2022 | pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin… | ||
| CVE-2022-21687 | — | 0.00 | — | 0.00 | Feb 1, 2022 | gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running… | ||
| CVE-2021-32649 | 0.00 | — | 0.01 | Jan 14, 2022 | October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially… | |||
| CVE-2021-32650 | 0.00 | — | 0.01 | Jan 14, 2022 | October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode… | |||
| CVE-2021-29454 | 0.00 | — | 0.01 | Jan 10, 2022 | Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user… | |||
| CVE-2022-22817 | — | 0.00 | — | 0.03 | Jan 7, 2022 | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used. |
- CVE-2022-30506May 27, 2022risk 0.00cvss —epss 0.03
An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file.
- CVE-2022-29166May 5, 2022risk 0.00cvss —epss 0.01
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc…
- CVE-2022-23064May 2, 2022risk 0.00cvss —epss 0.00
In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus…
- CVE-2022-25866Apr 25, 2022risk 0.00cvss —epss 0.02
The package czproject/git-php before 4.0.3 are vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that…
- CVE-2022-29078Apr 25, 2022risk 0.00cvss —epss 0.93
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is…
- CVE-2022-21223Apr 1, 2022risk 0.00cvss —epss 0.01
The package cocoapods-downloader before 1.6.2 are vulnerable to Command Injection via hg argument injection. When calling the download function (when using hg), the url (and/or revision, tag, branch) is passed to the hg clone command in a way that additional flags can be set.…
- CVE-2022-24440Apr 1, 2022risk 0.00cvss —epss 0.01
The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git…
- CVE-2022-21187Mar 14, 2022risk 0.00cvss —epss 0.01
The package libvcs before 0.11.1 are vulnerable to Command Injection via argument injection. When calling the update_repo function (when using hg), the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command…
- CVE-2022-24760Mar 11, 2022risk 0.00cvss —epss 0.76
Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the…
- CVE-2022-24433Mar 11, 2022risk 0.00cvss —epss 0.01
The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was…
- CVE-2022-21705Feb 23, 2022risk 0.00cvss —epss 0.70
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to…
- CVE-2022-25337Feb 18, 2022risk 0.00cvss —epss 0.01
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows injection attacks via image filenames.
- CVE-2022-23616Feb 9, 2022risk 0.00cvss —epss 0.02
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for an unprivileged user to perform a remote code execution by injecting a groovy script in her own profile and by calling the Reset…
- CVE-2022-23614Feb 4, 2022risk 0.00cvss —epss 0.21
Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to…
- CVE-2022-21724Feb 2, 2022risk 0.00cvss —epss 0.03
pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin…
- CVE-2022-21687Feb 1, 2022risk 0.00cvss —epss 0.00
gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running…
- CVE-2021-32649Jan 14, 2022risk 0.00cvss —epss 0.01
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially…
- CVE-2021-32650Jan 14, 2022risk 0.00cvss —epss 0.01
October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode…
- CVE-2021-29454Jan 10, 2022risk 0.00cvss —epss 0.01
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user…
- CVE-2022-22817Jan 7, 2022risk 0.00cvss —epss 0.03
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.