CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

359 vulnerabilities with CWE-88
CVE-2004-0473
Opera < 7.50 - Argument Injection via Telnet URI Hostname
CVE-2004-0489
macOS X < 10.3.3 - Argument Injection via SSH URI Handler
CVE-2004-0121
Microsoft Outlook 2002 - Command Injection
CVE-2003-0907
Windows XP SP1 and Windows Server 2003 - Remote Code Execution via HCP URL Argument Injection
CVE-2002-0985
PHP 4.0-4.2.2 - Argument Injection via mail() Function
CVE-2001-0667 HIGH
Internet Explorer < 6.0 - Remote Code Execution via Telnet Log File Option
CVSS 7.3
CVE-2001-1246
PHP 4.0.5-4.1.0 - Command Injection via mail() Function 5th Parameter
CVE-2001-0150
Internet Explorer <5.5 - Command Injection
CVE-1999-0113
Some implementations of rlogin - Privilege Escalation
Details
Vulnerabilities 359
Links
MITRE CWE Entry Search this CWE With Exploits