VYPR

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Abstraction: Class · Status: Draft · Likelihood of Exploit: High

Description

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
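The definition above is abstract; the pattern it names is concrete and small. The following is an added example, not code from CWE, from this site, or from any product listed on this page. It uses the Python interpreter itself as the "downstream component" (in the listed CVEs that role is played by a CGI handler calling a system binary, an `sh -c` invocation, or `child_process.exec`) so that it runs offline on any POSIX host with no extra binaries; `run_vulnerable`, `run_argv`, `run_hardened`, `HOST_RE` and the `host` parameter are hypothetical names chosen for illustration.

```python
import re
import shlex
import subprocess
import sys

# Stand-in for the downstream program (ping, traceroute, an editor launched
# through `sh -c`, ...). It only prints the argv it received, so the output
# shows exactly how the externally-influenced input reached the command.
TOOL = [sys.executable, "-c", "import sys; print('argv:', sys.argv[1:])"]


def run_vulnerable(host: str) -> str:
    """CWE-77 pattern: untrusted input is spliced into a command STRING that a
    shell later parses. Special elements (; | & $() backticks, newline) in
    `host` end the intended command and start an attacker-chosen one."""
    cmd = shlex.join(TOOL) + " " + host          # host is not neutralized
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(host: str) -> str:
    """Structural fix: no shell is involved, so `host` is delivered to the
    program as exactly one argv element, metacharacters included."""
    return subprocess.run(TOOL + [host], capture_output=True, text=True).stdout


# Allow-list of what the downstream command legitimately needs here (a
# hostname or IPv4 literal). Reject-on-mismatch beats stripping characters,
# which tends to miss encodings the shell still honours.
HOST_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252})$")


def run_hardened(host: str) -> str:
    """Defense in depth: validate against the allow-list, then pass argv."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host: {host!r}")
    return run_argv(host)


def demo() -> dict:
    """Run the three variants on a constructed attacker input."""
    payload = "8.8.8.8; echo INJECTED"     # constructed, not from any CVE
    result = {
        "vulnerable": run_vulnerable(payload).splitlines(),
        "argv_only": run_argv(payload).splitlines(),
    }
    try:
        run_hardened(payload)
        result["hardened"] = "accepted"
    except ValueError as exc:
        result["hardened"] = str(exc)
    return result


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With the payload `8.8.8.8; echo INJECTED`, `run_vulnerable` produces two lines of output: the tool sees only `8.8.8.8`, and a second command (`echo INJECTED`) runs that the author never wrote. `run_argv` produces one line in which the whole payload, semicolon and all, is a single argument, which is the property that matters: the fix is to stop handing a shell a string, not to guess which characters to strip. `run_hardened` additionally refuses input that the downstream command has no business receiving. The same split applies in C (`system()` versus `execv()`), Go (`exec.Command("sh", "-c", s)` versus `exec.Command(name, args...)`) and Node (`child_process.exec` versus `execFile`), which covers the firmware, Go and MCP-server entries listed below.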

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76

CVEs mapped to this weakness (1,552)

page 45 of 78
  • CVE-2026-31171 · Medium · Apr 23, 2026
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the url parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31165 · Medium · Apr 23, 2026
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeServiceName parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31164 · Medium · Apr 23, 2026
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the pppoeMtu parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31160 · Medium · Apr 23, 2026
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the provider parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-31159 · Medium · Apr 23, 2026
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi.

  • CVE-2026-20096 · Medium · Apr 1, 2026
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is…

  • CVE-2026-20095 · Medium · Apr 1, 2026
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system and execute arbitrary commands as the root user. This vulnerability is…

  • CVE-2026-32241 · High · Mar 27, 2026
    risk 0.42 · CVSS 7.5 · EPSS 0.03

    Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command…

  • CVE-2026-26136 · Medium · Mar 19, 2026
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network.

  • CVE-2025-63258 · Medium · Nov 18, 2025
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    A remote command execution (RCE) vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points (versions R0162P07, UAP700-WPT330-E2265, UAP672-WPT330-R2262, UAP662E-WPT330-R2262P03,…

  • CVE-2025-61141 · High · Oct 30, 2025
    risk 0.42 · CVSS 7.5 · EPSS 0.01

    sqls-server/sqls 0.2.28 is vulnerable to command injection in the config command because the openEditor function passes the EDITOR environment variable and config file path to sh -c without sanitization, allowing attackers to execute arbitrary commands.

  • CVE-2025-61514 · Medium · Oct 16, 2025
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file.

  • CVE-2025-58358 · High · Sep 4, 2025
    risk 0.42 · CVSS 7.5 · EPSS 0.01

    Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input parameters within a call to child_process.exec, enabling an attacker to inject…

  • CVE-2025-44179 · Medium · Aug 25, 2025
    risk 0.42 · CVSS 6.5 · EPSS 0.01

    Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection vulnerability in the telnet service. The issue arises due to improper input validation within the telnet command handling mechanism. An attacker can exploit this vulnerability by injecting arbitrary commands through…

  • CVE-2025-52337 · Medium · Aug 19, 2025
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    An authenticated arbitrary file upload vulnerability in the Content Explorer feature of LogicData eCommerce Framework v5.0.9.7000 allows attackers to execute arbitrary code via uploading a crafted file.

  • CVE-2025-50461 · Medium · Aug 19, 2025
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    A deserialization vulnerability exists in Volcengine's verl 3.0.0, specifically in the scripts/model_merger.py script when using the "fsdp" backend. The script calls torch.load() with weights_only=False on user-supplied .pt files, allowing attackers to execute arbitrary code if…

  • CVE-2025-50515 · Medium · Aug 14, 2025
    risk 0.42 · CVSS 6.5 · EPSS 0.00

    An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded.

  • CVE-2025-7952 · Medium · Jul 22, 2025
    risk 0.42 · CVSS 6.3 · EPSS 0.15

    A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748. This vulnerability affects the function ckeckKeepAlive of the file wireless.so of the component MQTT Packet Handler. The manipulation leads to command injection. The attack can be initiated remotely.…

  • CVE-2025-53832 · High · Jul 21, 2025
    risk 0.42 · CVSS 7.5 · EPSS 0.08

    Lara Translate MCP Server is a Model Context Protocol (MCP) Server for Lara Translate API. Versions 0.0.11 and below contain a command injection vulnerability which exists in the @translated/lara-mcp MCP Server. The vulnerability is caused by the unsanitized use of input…

  • CVE-2025-54073 · High · Jul 18, 2025
    risk 0.42 · CVSS 7.5 · EPSS 0.08

    mcp-package-docs is an MCP (Model Context Protocol) server that provides LLMs with efficient access to package documentation across multiple programming languages and language server protocol (LSP) capabilities. A command injection vulnerability exists in the `mcp-package-docs`…