VYPR

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

BaseDraft

Description

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-137 · CAPEC-174 · CAPEC-41 · CAPEC-460 · CAPEC-88

CVEs mapped to this weakness (169)

page 1 of 9
  • CVE-2016-10033CriKEVDec 30, 2016
    risk 0.80cvss 9.8epss 1.00

    The mailSend function in the isMail transport in PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property.

  • CVE-2018-3856CriAug 23, 2018
    risk 0.65cvss 9.9epss 0.03

    An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can…

  • CVE-2026-47365CriJun 12, 2026
    risk 0.64cvss 9.9epss 0.00

    Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands as another account.

  • CVE-2026-44450CriMay 26, 2026
    risk 0.64cvss 9.9epss 0.00

    Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an…

  • CVE-2026-31230CriMay 12, 2026
    risk 0.64cvss 9.8epss 0.01

    The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a command-line argument injection vulnerability in its Kubeflow component (robustness_evaluation_fgsm_pytorch.py). The script uses the unsafe eval() function to parse string values provided via the --clip_values and…

  • CVE-2026-42601CriMay 9, 2026
    risk 0.64cvss 9.8epss 0.00

    ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint (AddView in core/views.py) accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables…

  • CVE-2024-47516CriMar 26, 2025
    risk 0.64cvss 9.8epss 0.01

    A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance.

  • CVE-2018-13385CriJul 24, 2018
    risk 0.64cvss 9.8epss 0.02

    There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system.…

  • CVE-2018-10992CriMay 11, 2018
    risk 0.64cvss 9.8epss 0.01

    lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument,…

  • CVE-2026-43941CriMay 8, 2026
    risk 0.62cvss 9.6epss 0.00

    electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who…

  • CVE-2026-44449CriMay 26, 2026
    risk 0.59cvss 9.1epss 0.00

    Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPath(fullPath) call throws, the method falls back to a dirname/basename split and only validates the directory prefix. The basename is concatenated directly into the smbclient -c script…

  • CVE-2026-44790criMay 14, 2026
    risk 0.59cvss epss 0.01

    ## Impact An authenticated user with permission to create or modify workflows could inject CLI flags on the Git node's Push operation allowing an attacker to read arbitrary files from the n8n server potentially leading to full compromise. ## Patches The issue has been fixed in…

  • CVE-2026-2449CriApr 14, 2026
    risk 0.59cvss epss 0.00

    Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution.This issue affects upKeeper Instant Privilege Access: through 1.5.0.

  • CVE-2025-32931CriApr 14, 2025
    risk 0.59cvss 9.1epss 0.00

    DevDojo Voyager 1.4.0 through 1.8.0, when Laravel 8 or later is used, allows authenticated administrators to execute arbitrary OS commands via a specific php artisan command.

  • CVE-2017-14591CriNov 29, 2017
    risk 0.59cvss 9.0epss 0.02

    Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.

  • CVE-2026-40281CriMay 6, 2026
    risk 0.58cvss 10.0epss 0.01

    Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line…

  • CVE-2026-22738CriMar 27, 2026
    risk 0.57cvss 9.8epss 0.01

    In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input…

  • CVE-2026-0774HigJan 23, 2026
    risk 0.57cvss 8.8epss 0.01

    WatchYourLAN Configuration Page Argument Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of WatchYourLAN. Authentication is not required to exploit this vulnerability. The…

  • CVE-2024-58275HigDec 4, 2025
    risk 0.57cvss epss 0.02

    Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary commands on the server.

  • CVE-2025-12556HigNov 6, 2025
    risk 0.57cvss 8.8epss 0.00

    An argument injection vulnerability exists in the affected product that could allow an attacker to execute arbitrary code within the context of the host machine.