CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

359 vulnerabilities with CWE-88
CVE-2021-1484 MEDIUM
Cisco Catalyst SD-WAN Manager - Authenticated Command Injection via Device Template Configuration
CVSS 6.5
CVE-2021-46850 HIGH
myVesta Control Panel <0.9.8-26-43 - Command Injection
CVSS 7.2
CVE-2021-33473 CRITICAL
Dragonfly Ruby Gem <1.3.0 - Command Injection
CVSS 9.1
CVE-2021-43736 CRITICAL
CmsWing CMS 1.3.7 - Remote Code Execution via Log Rule Parameter
CVSS 9.8
CVE-2021-43809 MEDIUM
Bundler < 2.2.33 - Command Injection via Git URL Argument
CVSS 6.7
CVE-2021-37040 CRITICAL
HarmonyOS < 2.0 - Parameter Injection via CIFS Share Mounting
CVSS 9.8
CVE-2021-41146 HIGH
qutebrowser 1.7.0-2.4.0 - Remote Code Execution via URL Handler Command Injection
CVSS 8.8
CVE-2021-38112 HIGH
Amazon AWS WorkSpaces 3.0.10-3.1.8 - Remote Code Execution via Argument Injection in workspaces:// URI Handler
CVSS 8.8
CVE-2021-41316 HIGH
Device42 Main Appliance <17.05.01 - Code Injection
CVSS 8.1
CVE-2021-34718 HIGH
Cisco IOS XR - Privilege Escalation
CVSS 8.1
CVE-2021-21814 HIGH
ATT XMill - Buffer Overflow via Command Line Argument
CVSS 7.8
CVE-2021-3045 MEDIUM
Palo Alto Networks PAN-OS <8.1.19, <9.0.14, <9.1.10 - Command Injec...
CVSS 4.9
CVE-2021-3540 MEDIUM
Ivanti MobileIron Core <11.1.0.0 - RCE
CVSS 6.5
CVE-2021-34816 HIGH
Etherpad 1.8.13 - Command Injection
CVSS 7.2
CVE-2021-36122 HIGH
Echo ShareCare 8.15.5 - Command Injection
CVSS 8.8
CVE-2021-3256 MEDIUM
KuaiFanCMS V5.x - Arbitrary File Read via chakanhtml.module.php html_url Parameter
CVSS 6.5
CVE-2021-33564 CRITICAL
Dragonfly <1.4.0 - Command Injection
CVSS 9.8
CVE-2021-1531 HIGH
Cisco Modeling Labs - Command Injection
CVSS 8.8
CVE-2021-31909 CRITICAL
JetBrains TeamCity < 2020.2.3 - Remote Code Execution via Argument Injection
CVSS 9.8
CVE-2021-29472 HIGH
Composer < 1.10.22 - Remote Code Execution via Mercurial Repository URL
CVSS 8.8
CVE-2021-29461 HIGH
discord-recon < 0.0.3 - Remote Code Execution via Argument Injection
CVSS 8.1
CVE-2021-1485 MEDIUM
Cisco IOS XR < 7.3.1 - Authenticated Command Injection via CLI
CVSS 6.6
CVE-2021-21386 CRITICAL
APKLeaks < 2.0.3 - OS Command Injection via Package Name in Application Manifest
CVSS 9.3
CVE-2021-1454 MEDIUM
Cisco IOS XE SD-WAN - Privilege Escalation
CVSS 6.0
CVE-2021-1383 MEDIUM
Cisco IOS XE SD-WAN - Privilege Escalation
CVSS 6.0
Details
Vulnerabilities 359
Links
MITRE CWE Entry Search this CWE With Exploits