CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
Description
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76
CVEs mapped to this weakness (1,552)
page 35 of 78| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-23094 | Hig | 0.48 | 7.3 | 0.01 | Feb 6, 2025 | The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager V11 R0.22.0 through V11 R0.22.1, V10 R1.54.0 through V10 R1.54.1, and V10 R1.42.6 and earlier could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter… | ||
| CVE-2025-0328 | Hig | 0.48 | 7.3 | 0.02 | Jan 9, 2025 | A vulnerability, which was classified as critical, has been found in KaiYuanTong ECT Platform up to 2.0.0. Affected by this issue is some unknown functionality of the file /public/server/runCode.php of the component HTTP POST Request Handler. The manipulation of the argument… | ||
| CVE-2024-49194 | Hig | 0.48 | 7.3 | 0.01 | Dec 17, 2024 | Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could potentially exploit this… | ||
| CVE-2023-37154 | Hig | 0.48 | 8.4 | 0.00 | Oct 9, 2024 | check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior. | ||
| CVE-2024-22246 | Hig | 0.48 | 7.4 | 0.00 | Apr 2, 2024 | VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full… | ||
| CVE-2023-26155 | — | Hig | 0.48 | 7.3 | 0.02 | Oct 14, 2023 | All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once… | |
| CVE-2023-34230 | Hig | 0.48 | 7.3 | 0.01 | Jun 8, 2023 | snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious… | ||
| CVE-2023-30535 | Hig | 0.48 | 7.3 | 0.02 | Apr 14, 2023 | Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server… | ||
| CVE-2022-25855 | — | Hig | 0.48 | 7.4 | 0.01 | Feb 6, 2023 | All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. | |
| CVE-2022-25853 | — | Hig | 0.48 | 7.4 | 0.01 | Feb 6, 2023 | All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization. | |
| CVE-2022-25962 | — | Hig | 0.48 | 7.4 | 0.01 | Jan 26, 2023 | All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization. | |
| CVE-2022-25908 | — | Hig | 0.48 | 7.4 | 0.02 | Jan 26, 2023 | All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. | |
| CVE-2022-25350 | — | Hig | 0.48 | 7.4 | 0.01 | Jan 26, 2023 | All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization. | |
| CVE-2022-21810 | — | Hig | 0.48 | 7.4 | 0.01 | Jan 26, 2023 | All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization. | |
| CVE-2022-25890 | — | Hig | 0.48 | 7.4 | 0.01 | Jan 9, 2023 | All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization. | |
| CVE-2022-4364 | Hig | 0.48 | 7.3 | 0.04 | Dec 8, 2022 | A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. The attack is possible to be… | ||
| CVE-2022-39243 | — | Hig | 0.48 | 8.4 | 0.01 | Sep 26, 2022 | NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's Java_java_lang_UNIXProcess_forkAndExec method (1.2.0+), attackers can use NUL characters in their strings to perform command line… | |
| CVE-2020-28433 | — | Hig | 0.48 | 7.3 | 0.01 | Aug 2, 2022 | This affects all versions of package node-latex-pdf. | |
| CVE-2020-28425 | — | Hig | 0.48 | 7.3 | 0.01 | Aug 2, 2022 | This affects all versions of package curljs. | |
| CVE-2020-28436 | — | Hig | 0.48 | 7.3 | 0.01 | Jul 25, 2022 | This affects all versions of package google-cloudstorage-commands. |
- risk 0.48cvss 7.3epss 0.01
The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager V11 R0.22.0 through V11 R0.22.1, V10 R1.54.0 through V10 R1.54.1, and V10 R1.42.6 and earlier could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter…
- risk 0.48cvss 7.3epss 0.02
A vulnerability, which was classified as critical, has been found in KaiYuanTong ECT Platform up to 2.0.0. Affected by this issue is some unknown functionality of the file /public/server/runCode.php of the component HTTP POST Request Handler. The manipulation of the argument…
- risk 0.48cvss 7.3epss 0.01
Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could potentially exploit this…
- risk 0.48cvss 8.4epss 0.00
check_by_ssh in Nagios nagios-plugins 2.4.5 allows arbitrary command execution via ProxyCommand, LocalCommand, and PermitLocalCommand with \${IFS}. This has been categorized both as fixed in e8810de, and as intended behavior.
- risk 0.48cvss 7.4epss 0.00
VMware SD-WAN Edge contains an unauthenticated command injection vulnerability potentially leading to remote code execution. A malicious actor with local access to the Edge Router UI during activation may be able to perform a command injection attack that could lead to full…
- risk 0.48cvss 7.3epss 0.02
All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once…
- risk 0.48cvss 7.3epss 0.01
snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in (1) establishing a malicious…
- risk 0.48cvss 7.3epss 0.02
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server…
- risk 0.48cvss 7.4epss 0.01
All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
- risk 0.48cvss 7.4epss 0.01
All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization.
- risk 0.48cvss 7.4epss 0.01
All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization.
- risk 0.48cvss 7.4epss 0.02
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.
- risk 0.48cvss 7.4epss 0.01
All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization.
- risk 0.48cvss 7.4epss 0.01
All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization.
- risk 0.48cvss 7.4epss 0.01
All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization.
- risk 0.48cvss 7.3epss 0.04
A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. Affected by this issue is some unknown functionality of the file palette.php of the component Web Service Handler. The manipulation of the argument palette leads to command injection. The attack is possible to be…
- risk 0.48cvss 8.4epss 0.01
NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's Java_java_lang_UNIXProcess_forkAndExec method (1.2.0+), attackers can use NUL characters in their strings to perform command line…
- risk 0.48cvss 7.3epss 0.01
This affects all versions of package node-latex-pdf.
- risk 0.48cvss 7.3epss 0.01
This affects all versions of package curljs.
- risk 0.48cvss 7.3epss 0.01
This affects all versions of package google-cloudstorage-commands.