VYPR

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Abstraction: Class · Status: Draft · Likelihood of Exploit: High

Description

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76

CVEs mapped to this weakness (1,552)

page 29 of 78
  • CVE-2017-2692 · High · Nov 22, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    The Keyguard application in ALE-L02C635B140 and earlier versions, ALE-L02C636B140 and earlier versions, ALE-L21C10B150 and earlier versions, ALE-L21C185B200 and earlier versions, ALE-L21C432B214 and earlier versions, ALE-L21C464B150 and earlier versions, ALE-L21C636B200 and earlier…

  • CVE-2015-6971 · High · Oct 3, 2017
    risk 0.51 · cvss 7.8 · epss 0.00

    Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.

  • CVE-2015-5704 · High · Sep 25, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.

  • CVE-2015-2210 · High · Sep 6, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell.

  • CVE-2017-6650 · High · May 22, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    A vulnerability in the Telnet CLI command of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of…

  • CVE-2017-6649 · High · May 22, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An…

  • CVE-2014-4677 · High · Feb 22, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument.

  • CVE-2016-9553 · High · Jan 28, 2017
    risk 0.51 · cvss 7.2 · epss 0.19

    The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/controllers/MgrReport.php) component responsible for blocking and unblocking IP…

  • CVE-2015-8971 · High · Jan 23, 2017
    risk 0.51 · cvss 7.8 · epss 0.01

    Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.

  • CVE-2015-8968 · High · Nov 3, 2016
    risk 0.51 · cvss 8.8 · epss 0.05

    git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an…

  • CVE-2016-0328 · High · Oct 22, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execution via unspecified vectors.

  • CVE-2016-0920 · High · Sep 21, 2016
    risk 0.51 · cvss 7.8 · epss 0.00

    Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar Server before 7.3.0-233 allow local users to obtain root access via a crafted parameter to a command that is available in the sudo configuration.

  • CVE-2026-53822 · High · Jun 12, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution. Attackers can rebuild command arguments after allowlist approval to execute unapproved command shapes, potentially bypassing security…

  • CVE-2026-42850 · High · Jun 12, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an error, this error is not escaped and will be correctly echoed back to the…

  • CVE-2026-11572 · High · Jun 9, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exec() method by _cloneWithGit() and fetchRefs() functions. An attacker can execute…

  • CVE-2026-45497 · High · Jun 4, 2026
    risk 0.50 · cvss 7.7 · epss 0.00

    Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.

  • CVE-2026-40068 · High · May 5, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    In versions 2.1.63 through 2.1.83 of Claude Code, the folder trust determination logic used the git worktree commondir file without validating its contents. An attacker could craft a malicious repository with a commondir file pointing to a path the victim had previously trusted,…

  • CVE-2026-39866 · High · Apr 21, 2026
    risk 0.50 · cvss 8.8 · epss 0.02

    Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in release_update.yml workflow dispatch input allows arbitrary code execution. Commit fcba413f55dd47f8a3921445252849126c6266b2 patches the issue.

  • CVE-2026-30898 · High · Apr 18, 2026
    risk 0.50 · cvss 8.8 · epss 0.01

    An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow execute code on worker. Users should review if any of their own DAGs have adopted…

  • CVE-2026-35643 · High · Apr 10, 2026
    risk 0.50 · cvss 8.8 · epss 0.00

    OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application context.