VYPR

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Class · Draft · Likelihood: High

Description

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76

CVEs mapped to this weakness (1,552)

page 44 of 78
  • CVE-2023-52137 · High · Dec 29, 2023
    risk 0.43 · cvss 7.7 · epss 0.03

    The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The [`verify-changed-files`](https://github.com/tj-ac…

  • CVE-2016-8628 · High · Jul 31, 2018
    risk 0.43 · cvss 7.6 · epss 0.03

    Ansible before version 2.2.0 fails to properly sanitize fact variables sent from the Ansible controller. An attacker with the ability to create special variables on the controller could execute arbitrary commands on Ansible clients as the user Ansible runs as.

  • CVE-2026-42824 · Medium · Jun 4, 2026
    risk 0.42 · cvss 6.5 · epss 0.08

    Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

  • CVE-2024-52011 · High · Jun 1, 2026
    risk 0.42 · cvss · epss 0.01

    launch-editor allows users to open files with line numbers in editor from Node.js. Prior to version 2.9.0, due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a filename that…

  • CVE-2026-48116 · High · May 28, 2026
    risk 0.42 · cvss 7.5 · epss 0.00

    AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a --…

  • CVE-2026-42827 · Medium · May 22, 2026
    risk 0.42 · cvss 6.5 · epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-35070 · Medium · May 20, 2026
    risk 0.42 · cvss 6.4 · epss 0.00

    Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to…

  • CVE-2026-40135 · Medium · May 12, 2026
    risk 0.42 · cvss 6.5 · epss 0.01

    An OS Command Injection vulnerability exists in the SAP NetWeaver Application Server for ABAP and ABAP Platform that allows an authenticated attacker with administrative access to execute specially crafted shell commands on the server, bypassing the logging mechanism. This…

  • CVE-2026-20169 · Medium · May 6, 2026
    risk 0.42 · cvss 6.4 · epss 0.00

    A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of…

  • CVE-2026-31173 · Medium · Apr 23, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31169 · Medium · Apr 23, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31168 · Medium · Apr 23, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31167 · Medium · Apr 23, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31166 · Medium · Apr 23, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31163 · Medium · Apr 23, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31162 · Medium · Apr 23, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31179 · Medium · Apr 23, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31176 · Medium · Apr 23, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun_user parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31174 · Medium · Apr 23, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the informEnable parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31172 · Medium · Apr 23, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the user parameter to /cgi-bin/cstecgi.cgi.