Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-88

CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Parent: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

359 vulnerabilities with CWE-88

CVE-2023-34395 HIGH

Apache Airflow ODBC Provider < 4.0.0 - Command Injection via ODBC Driver Parameters

CVE-2023-25356 HIGH

CoreDial sipXcom <=21.04 - Command Injection

CVE-2022-31749 MEDIUM

WatchGuard Fireware OS <12.8.1-12.5.10 - Command Injection

CVE-2022-37705 MEDIUM

Amanda 3.5.1 - Privilege Escalation via runtar SUID Argument Injection

CVE-2022-47502 HIGH

Apache OpenOffice < 4.1.13 - Arbitrary Script Execution via Macro Link URI Scheme

CVE-2022-40677 HIGH

Fortinet FortiNAC <9.4.0 - Command Injection

CVE-2022-4864 MEDIUM

froxlor/froxlor <2.0.0-beta1 - Command Injection

CVE-2022-46883 HIGH

Mozilla Firefox <106 - Memory Corruption

CVE-2022-47926 CRITICAL

AyaCMS 3.1.2 - Unauthenticated File Deletion via fst_del.inc.php

CVE-2022-44731 MEDIUM

SIMATIC WinCC OA - Command Injection

CVE-2022-23740 HIGH

GitHub Enterprise Server 3.7.0 - Remote Code Execution via GitHub Pages Build

CVE-2022-45062 CRITICAL

Xfce xfce4-settings <4.16.4-4.17.1 - Command Injection

CVE-2022-42968 CRITICAL

Gitea < 1.17.3 - OS Command Injection via Git Ref Argument Mishandling

CVE-2022-3140 MEDIUM

LibreOffice <7.4.1 and <7.3.6 - Macro Execution via Office URI Scheme

CVE-2022-20930 MEDIUM

Cisco SD-WAN Software < 20.6.2 - Authenticated Arbitrary File Write via CLI Command Injection

CVE-2022-37027 HIGH

Ahsay Cloud Backup Suite 9.1.4.0 - Authenticated Argument Injection via Runtime Options

CVE-2022-36069 HIGH

Poetry < 1.1.9 - Command Injection via Git Dependency URL Argument

CVE-2022-36804 HIGH KEV

Atlassian Bitbucket Server/Data Center <7.6.17/<7.17.10/<7.21.4/<8....

CVE-2022-1399 CRITICAL

Device42 CMDB <18.01.00 - Command Injection

CVE-2022-37005 HIGH

Huawei EMUI - Argument Injection in Settings Application

CVE-2022-25973 HIGH

mc-kill-port - Arbitrary Command Execution via Port Argument Injection

CVE-2022-36322 MEDIUM

JetBrains TeamCity <2022.04.2 - Code Injection

CVE-2022-25900 HIGH

git-clone - Command Injection via --upload-pack Feature

CVE-2022-31084 HIGH

LDAP Account Manager <8.0 - Code Injection

CVE-2022-31246 MEDIUM

Electrum < 4.2.2 - Argument Injection via Payment Request URL Parameter

Previous Page 8 of 15 Next

Details

Vulnerabilities 359

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy