VYPR

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

Class · Draft · Likelihood: High

Description

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-136 · CAPEC-15 · CAPEC-183 · CAPEC-248 · CAPEC-40 · CAPEC-43 · CAPEC-75 · CAPEC-76

CVEs mapped to this weakness (1,552)

page 63 of 78
  • CVE-2019-17361 · Jan 17, 2020
    risk 0.01 · cvss · epss 0.15

    In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host.

  • CVE-2015-7839 · Oct 15, 2015
    risk 0.01 · cvss · epss 0.07

    SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality.

  • CVE-2015-1986 · Jun 30, 2015
    risk 0.01 · cvss · epss 0.08

    The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1938.

  • CVE-2015-0538 · May 7, 2015
    risk 0.01 · cvss · epss 0.07

    ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets.

  • CVE-2015-0225 · Apr 3, 2015
    risk 0.01 · cvss · epss 0.07

    The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request.

  • CVE-2014-3556 · Dec 29, 2014
    risk 0.01 · cvss · epss 0.08

    The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by…

  • CVE-2014-3524 · Aug 26, 2014
    risk 0.01 · cvss · epss 0.15

    Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.

  • CVE-2010-0136 · Feb 16, 2010
    risk 0.01 · cvss · epss 0.08

    OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document.

  • CVE-2026-47242 · Jun 9, 2026
    risk 0.00 · cvss · epss 0.00

    Two `Net::IMAP` commands, `#id` and `#enable`, do not validate their arguments. Arguments to either command could be used by an attacker to inject arbitrary IMAP commands. Please note that passing untrusted inputs to these commands is usually inappropriate and…

  • CVE-2026-47240 · Jun 9, 2026
    risk 0.00 · cvss · epss 0.00

    Several Net::IMAP commands accept a "raw data" argument that is sent verbatim after validation to prevent command injection. However, if a server does not support non-synchronizing literals, it may still be possible to inject arbitrary IMAP commands inside non-synchronizing…

  • CVE-2026-5433 · May 21, 2026
    risk 0.00 · cvss · epss 0.00

    Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

  • CVE-2026-24516 · Mar 23, 2026
    risk 0.00 · cvss · epss 0.03

    A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component (internal/troubleshooting/actioner/actioner.go) processes metadata from the metadata service endpoint and executes commands specified in the…

  • CVE-2026-31862 · Mar 11, 2026
    risk 0.00 · cvss · epss 0.00

    Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch, message, commit), allowing…

  • CVE-2026-32063 · Mar 11, 2026
    risk 0.00 · cvss · epss 0.01

    OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF characters, allowing newline injection to break out of Environment= lines and…

  • CVE-2026-25041 · Mar 9, 2026
    risk 0.00 · cvss · epss 0.00

    Budibase is a low code platform for creating internal tools, workflows, and admin panels. In 3.23.22 and earlier, the PostgreSQL integration constructs shell commands using user-controlled configuration values (database name, host, password, etc.) without proper sanitization.…

  • CVE-2026-3484 · Mar 3, 2026
    risk 0.00 · cvss · epss 0.03

    A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function child_process.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command…

  • CVE-2026-2256 · Mar 2, 2026
    risk 0.00 · cvss · epss 0.02

    A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.

  • CVE-2026-27001 · Feb 19, 2026
    risk 0.00 · cvss · epss 0.00

    OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory (workspace path) into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format…

  • CVE-2026-25761 · Feb 9, 2026
    risk 0.00 · cvss · epss 0.01

    Super-linter is a combination of multiple linters to run as a GitHub Action or standalone. From 6.0.0 to 8.3.0, the Super-linter GitHub Action is vulnerable to command injection via crafted filenames. When this action is used in downstream GitHub Actions workflows, an attacker…

  • CVE-2026-2130 · Feb 8, 2026
    risk 0.00 · cvss · epss 0.02

    A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component search_username. Executing a manipulation of the argument Username can lead to command injection. The attack may be launched remotely.…