VYPR

CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

ClassIncompleteLikelihood: High

Description

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-10 · CAPEC-101 · CAPEC-105 · CAPEC-108 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-14 · CAPEC-24 · CAPEC-250 · CAPEC-267 · CAPEC-273 · CAPEC-28 · CAPEC-3 · CAPEC-34 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-51 · CAPEC-52 · CAPEC-53 · CAPEC-6 · CAPEC-64 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-76 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-83 · CAPEC-84 · CAPEC-9

CVEs mapped to this weakness (3,116)

page 2 of 156
  • CVE-2017-15714CriJan 4, 2018
    risk 0.64cvss 9.8epss 0.03

    The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape user input property passed. This allows for code injection by passing that code through the URL. For example by appending this code "__format=%27;alert(%27xss%27)" to the URL an alert window would execute.

  • CVE-2017-1000453CriJan 2, 2018
    risk 0.64cvss 9.8epss 0.02

    CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.

  • CVE-2017-17790CriDec 20, 2017
    risk 0.64cvss 9.8epss 0.06

    The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 uses Kernel#open, which might allow Command Injection attacks, as demonstrated by a Resolv::Hosts::new argument beginning with a '|' character, a different vulnerability than CVE-2017-17405. NOTE: situations…

  • CVE-2017-8809CriNov 15, 2017
    risk 0.64cvss 9.8epss 0.08

    api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has a Reflected File Download vulnerability.

  • CVE-2017-5636CriOct 19, 2017
    risk 0.64cvss 9.8epss 0.04

    In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to…

  • CVE-2017-14397CriSep 12, 2017
    risk 0.64cvss 9.8epss 0.02

    AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability.

  • CVE-2017-9861CriAug 5, 2017
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to…

  • CVE-2016-1155CriApr 13, 2017
    risk 0.64cvss 9.8epss 0.02

    HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.

  • CVE-2017-7239CriApr 10, 2017
    risk 0.64cvss 9.8epss 0.04

    Ninka before 1.3.2 might allow remote attackers to obtain sensitive information, manipulate license compliance scan results, or cause a denial of service (process hang) via a crafted filename.

  • CVE-2015-7264CriApr 10, 2017
    risk 0.64cvss 9.8epss 0.01

    The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks.

  • CVE-2017-5799HigFeb 15, 2018
    risk 0.61cvss 8.8epss 0.16

    A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x).

  • CVE-2017-6971HigMar 22, 2017
    risk 0.61cvss 8.8epss 0.16

    AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault ID ENG-104862.

  • CVE-2016-6754HigNov 25, 2016
    risk 0.61cvss 8.8epss 0.05

    A remote code execution vulnerability in Webview in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-05 could enable a remote attacker to execute arbitrary code when the user is navigating to a website. This issue is rated as High due to the possibility of…

  • CVE-2025-70948CriMar 5, 2026
    risk 0.60cvss 9.3epss 0.00

    A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header.

  • CVE-2023-44373CriNov 14, 2023
    risk 0.59cvss 9.1epss 0.01

    Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323.

  • CVE-2022-36323CriAug 10, 2022
    risk 0.59cvss 9.1epss 0.01

    Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell.

  • CVE-2015-7544CriSep 25, 2017
    risk 0.59cvss 9.1epss 0.03

    redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary commands on any host in the RHEV environment.

  • CVE-2018-0313HigJun 21, 2018
    risk 0.58cvss 8.8epss 0.04

    A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to send a malicious packet to the management interface on an affected system and execute a command-injection exploit. The vulnerability is due to incorrect input…

  • CVE-2015-5377CriMar 6, 2018
    risk 0.58cvss 9.8epss 0.15

    Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport protocol. NOTE: ZDI appears to claim that CVE-2015-3253 and CVE-2015-5377 are the same vulnerability

  • CVE-2016-4461HigOct 16, 2017
    risk 0.58cvss 8.8epss 0.08

    Apache Struts 2.x before 2.3.29 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-0785.