VYPR

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Class · Draft · Likelihood: High

Description

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76

CVEs mapped to this weakness (1,552)

page 30 of 78
  • CVE-2024-35242 · High · Jun 10, 2024
    risk 0.50 · cvss 8.8 · epss 0.03

    Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories.…

  • CVE-2024-35241 · High · Jun 10, 2024
    risk 0.50 · cvss 8.8 · epss 0.01

    Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code.…

  • CVE-2023-6940 · High · Dec 19, 2023
    risk 0.50 · cvss 8.8 · epss 0.01

    With only one user interaction (downloading a malicious config), attackers can gain full command execution on the victim system.

  • CVE-2023-37469 · High · Aug 24, 2023
    risk 0.50 · cvss 8.8 · epss 0.01

    CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue.

  • CVE-2023-30260 · High · Jun 23, 2023
    risk 0.50 · cvss 8.8 · epss 0.02

    Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via a crafted POST request to the hostapd settings form.

  • CVE-2023-34233 · High · Jun 8, 2023
    risk 0.50 · cvss 8.8 · epss 0.02

    The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-on (SSO) browser URL authentication. In order…

  • CVE-2023-34231 · High · Jun 8, 2023
    risk 0.50 · cvss 8.8 · epss 0.02

    gosnowflake is the Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on (SSO) browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be…

  • CVE-2023-30623 · High · Apr 24, 2023
    risk 0.50 · cvss 8.8 · epss 0.04

    `embano1/wip` is a GitHub Action written in Bash. Prior to version 2, the `embano1/wip` action uses the `github.event.pull_request.title` parameter in an insecure way. The title parameter is used in a run statement, resulting in a command injection vulnerability due to string…

  • CVE-2023-27581 · High · Mar 13, 2023
    risk 0.50 · cvss 8.8 · epss 0.02

    github-slug-action is a GitHub Action to expose slug values of GitHub environment variables inside one's GitHub workflow. Starting in version 4.0.0 and prior to version 4.4.1, this action uses the `github.head_ref` parameter in an insecure way. This vulnerability can be…

  • CVE-2021-41144 · High · Jan 27, 2023
    risk 0.50 · cvss 8.8 · epss 0.01

    OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.

  • CVE-2021-41146 · High · Oct 21, 2021
    risk 0.50 · cvss 8.8 · epss 0.01

    qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With certain applications, opening a specially crafted `qutebrowserurl:...` URL can lead…

  • CVE-2021-37708 · High · Aug 16, 2021
    risk 0.50 · cvss 8.8 · epss 0.02

    Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a command injection vulnerability in mail agent settings. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available…

  • CVE-2013-2516 · High · Feb 15, 2019
    risk 0.50 · cvss 8.8 · epss 0.03

    Command injection vulnerability in the Ruby gem FileUtils v0.7 and earlier (Fileutils <= v0.7) via a user-supplied url variable that is passed to the shell.

  • CVE-2014-6633 · High · Apr 12, 2018
    risk 0.50 · cvss 8.8 · epss 0.03

    The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav…

  • CVE-2026-33111 · High · May 7, 2026
    risk 0.49 · cvss 7.5 · epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-38834 · High · Apr 21, 2026
    risk 0.49 · cvss 7.3 · epss 0.01

    Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the do_ping_action function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

  • CVE-2026-4399 · High · Mar 31, 2026
    risk 0.49 · cvss 7.5 · epss 0.00

    Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques (formulating a question in such a way that, upon receiving an affirmative response ('true'), the model executes the…

  • CVE-2025-56406 · High · Sep 10, 2025
    risk 0.49 · cvss 7.5 · epss 0.00

    An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended…

  • CVE-2025-48978 · High · Aug 21, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to the EdgeSwitch adjacent network. Affected Products: EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) Mitigation: …

  • CVE-2025-27211 · High · Aug 4, 2025
    risk 0.49 · cvss 7.5 · epss 0.01

    An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to the EdgeSwitch adjacent network.