Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-88

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

359 vulnerabilities with CWE-88

CVE-2024-3817 CRITICAL

HashiCorp's go-getter - Code Injection

CVE-2024-3367 MEDIUM

Checkmk <2.2.0p26,<2.3.0b5 - Command Injection

CVE-2024-3775 MEDIUM

aEnrich Technology a+HRD - Code Injection

CVE-2024-24576 CRITICAL

Rust <1.77.2 - Command Injection

CVE-2024-22182 HIGH

Commend WS203VICM < 1.7 - Unauthenticated Denial of Service via Crafted Web Server Messages

CVE-2024-23731 CRITICAL

embedchain < 0.1.57 - Remote Code Execution via OpenAPI Loader YAML Deserialization

CVE-2024-20287 MEDIUM

Cisco WAP371 Wireless-AC/N Dual Radio - Command Injection

CVE-2023-50232 HIGH

Inductive Automation Ignition 8.1.0-8.1.33 - Remote Code Execution via getParams Argument Injection

CVE-2023-44452 HIGH

Linux Mint Xreader - Remote Code Execution via CBT File Parsing Argument Injection

CVE-2023-20260 MEDIUM

Cisco Prime Infrastructure - Privilege Escalation

CVE-2023-6634 HIGH

LearnPress <4.2.5.7 - Command Injection

CVE-2023-47804 HIGH

Apache OpenOffice < 4.1.15 - Unauthenticated Arbitrary Script Execution via Macro Link Activation

CVE-2023-46681 HIGH

VR-S1000 Firmware < 2.37 - Authenticated OS Command Injection via CLI

CVE-2023-6792 MEDIUM

PAN-OS 8.1.0-8.1.23 - Authenticated OS Command Injection via XML API

CVE-2023-49096 HIGH

jellyfin < 10.8.13 - Unauthenticated Argument Injection via Video and Audio Stream Endpoints

CVE-2023-6269 CRITICAL

Atos Unify OpenScape <V10 R3.4.0, V10R10.12.00, V10R11.05.02 - Comm...

CVE-2023-0633 HIGH

Docker Desktop < 4.12.0 - Local Privilege Escalation via Installer Argument Injection

CVE-2023-26143 MEDIUM

blamer < 1.0.4 - Arbitrary Argument Injection via blameByFile API

CVE-2023-39288 MEDIUM

Mitel MiVoice Connect <9.6.2304.102 - Command Injection

CVE-2023-39287 MEDIUM

Mitel MiVoice Connect <19.3 SP3 - Command Injection

CVE-2023-20224 HIGH

Cisco ThousandEyes Enterprise Agent - Privilege Escalation

CVE-2023-26310 HIGH

Mobile Phone Backup App - Command Injection

CVE-2023-33378 CRITICAL

Connected IO <2.1.0 - Command Injection

CVE-2023-33376 CRITICAL

Connected IO <2.1.0 - Command Injection

CVE-2023-30577 HIGH

AMANDA <tag-community-3.5.4 - Info Disclosure

Previous Page 7 of 15 Next

Details

Vulnerabilities 359

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy