CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Description
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-10 · CAPEC-101 · CAPEC-105 · CAPEC-108 · CAPEC-120 · CAPEC-13 · CAPEC-135 · CAPEC-14 · CAPEC-24 · CAPEC-250 · CAPEC-267 · CAPEC-273 · CAPEC-28 · CAPEC-3 · CAPEC-34 · CAPEC-42 · CAPEC-43 · CAPEC-45 · CAPEC-46 · CAPEC-47 · CAPEC-51 · CAPEC-52 · CAPEC-53 · CAPEC-6 · CAPEC-64 · CAPEC-67 · CAPEC-7 · CAPEC-71 · CAPEC-72 · CAPEC-76 · CAPEC-78 · CAPEC-79 · CAPEC-8 · CAPEC-80 · CAPEC-83 · CAPEC-84 · CAPEC-9
CVEs mapped to this weakness (3,116)
page 5 of 156| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5227 | Hig | 0.57 | 8.8 | 0.03 | Oct 18, 2017 | The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter. | ||
| CVE-2017-9135 | Hig | 0.57 | 8.8 | 0.01 | May 21, 2017 | An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST… | ||
| CVE-2017-9133 | Hig | 0.57 | 8.8 | 0.01 | May 21, 2017 | An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which… | ||
| CVE-2017-6031 | Hig | 0.57 | 8.8 | 0.03 | May 6, 2017 | A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution. | ||
| CVE-2017-2140 | Hig | 0.57 | 8.8 | 0.01 | Apr 28, 2017 | Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory. | ||
| CVE-2017-5585 | Hig | 0.57 | 8.8 | 0.02 | Feb 22, 2017 | OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection… | ||
| CVE-2016-10131 | Cri | 0.57 | 9.8 | 0.03 | Jan 12, 2017 | system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments. | ||
| CVE-2016-5685 | Hig | 0.57 | 8.8 | 0.02 | Nov 29, 2016 | Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. | ||
| CVE-2025-7350 | — | Hig | 0.56 | — | 0.01 | Sep 9, 2025 | A security issue affecting multiple Cisco devices also directly impacts Stratix® 5410, 5700, and 8000 devices. This can lead to remote code execution by uploading and running malicious configurations without authentication. | |
| CVE-2015-4075 | Hig | 0.56 | 8.1 | 0.07 | Sep 20, 2017 | The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task. | ||
| CVE-2024-32986 | Cri | 0.55 | 9.6 | 0.01 | May 3, 2024 | PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Due to improper sanitization of web app properties (such as name, description, shortcuts), web apps were able to inject additional lines into XDG Desktop Entries (on Linux) and… | ||
| CVE-2025-6095 | Hig | 0.54 | 7.3 | 0.02 | Jun 15, 2025 | A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack… | ||
| CVE-2026-42835 | Hig | 0.53 | 8.1 | 0.01 | Jun 9, 2026 | Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network. | ||
| CVE-2026-33833 | — | Hig | 0.53 | 8.2 | 0.01 | May 12, 2026 | Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network. | |
| CVE-2025-27509 | Cri | 0.53 | — | 0.01 | Mar 6, 2025 | fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions, provision a new administrative user account if Just-In-Time (JIT) provisioning is… | ||
| CVE-2017-5630 | Hig | 0.53 | 7.5 | 0.13 | Feb 1, 2017 | PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite. | ||
| CVE-2016-2204 | Hig | 0.53 | 8.2 | 0.01 | Apr 22, 2016 | The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input. | ||
| CVE-2026-44182 | cri | 0.52 | — | 0.00 | Jun 3, 2026 | ### Summary The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like `securityContext` and inject multi-document YAML to create additional unintended Kubernetes resources. ###… | ||
| CVE-2025-3545 | Hig | 0.52 | 8.0 | 0.01 | Apr 14, 2025 | A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/setLanguage of the component HTTP POST… | ||
| CVE-2025-3544 | Hig | 0.52 | 8.0 | 0.01 | Apr 14, 2025 | A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getCapabilityWeb of the component HTTP… |
- risk 0.57cvss 8.8epss 0.03
The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter.
- risk 0.57cvss 8.8epss 0.01
An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa Backhaul Radios before 2.2.4. On the backend of the device's web interface, there are some diagnostic tests available that are not displayed on the webpage; these are only accessible by crafting a POST…
- risk 0.57cvss 8.8epss 0.01
An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is allowed to specify which…
- risk 0.57cvss 8.8epss 0.03
A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution.
- risk 0.57cvss 8.8epss 0.01
Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory.
- risk 0.57cvss 8.8epss 0.02
OpenText Documentum Content Server (formerly EMC Documentum Content Server) 7.3, when PostgreSQL Database is used and return_top_results_row_based config option is false, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection…
- risk 0.57cvss 9.8epss 0.03
system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote attackers to execute arbitrary code by leveraging control over the email->from field to insert sendmail command-line arguments.
- risk 0.57cvss 8.8epss 0.02
Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection.
- risk 0.56cvss —epss 0.01
A security issue affecting multiple Cisco devices also directly impacts Stratix® 5410, 5700, and 8000 devices. This can lead to remote code execution by uploading and running malicious configurations without authentication.
- risk 0.56cvss 8.1epss 0.07
The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.
- risk 0.55cvss 9.6epss 0.01
PWAsForFirefox is a tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox. Due to improper sanitization of web app properties (such as name, description, shortcuts), web apps were able to inject additional lines into XDG Desktop Entries (on Linux) and…
- risk 0.54cvss 7.3epss 0.02
A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack…
- risk 0.53cvss 8.1epss 0.01
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.
- risk 0.53cvss 8.2epss 0.01
Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network.
- risk 0.53cvss —epss 0.01
fleetdm/fleet is an open source device management, built on osquery. In vulnerable versions of Fleet, an attacker could craft a specially-formed SAML response to forge authentication assertions, provision a new administrative user account if Just-In-Time (JIT) provisioning is…
- risk 0.53cvss 7.5epss 0.13
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite.
- risk 0.53cvss 8.2epss 0.01
The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to obtain root-shell access via crafted terminal-window input.
- risk 0.52cvss —epss 0.00
### Summary The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like `securityContext` and inject multi-document YAML to create additional unintended Kubernetes resources. ###…
- risk 0.52cvss 8.0epss 0.01
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been classified as critical. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/setLanguage of the component HTTP POST…
- risk 0.52cvss 8.0epss 0.01
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014 and classified as critical. This issue affects the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getCapabilityWeb of the component HTTP…