CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,078 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 11 of 102
- CVE-2020-6245MEDIUMCVSS 6.7EG 6.72020-05-12
SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers.
- CVE-2020-6261MEDIUMCVSS 5.3EG 5.32020-07-01
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.
- CVE-2020-6262HIGHCVSS 8.8EG 8.82020-05-12
Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could ther…
- CVE-2020-6581HIGHCVSS 7.3EG 7.32020-03-16
Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nasty_metachars interprets \n as the character \ and the character n (not as the \n newline sequence). This can cause command injection.
- CVE-2020-6811HIGHCVSS 8.8EG 8.82020-03-25
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could ha…
- CVE-2020-6858MEDIUMCVSS 6.5EG 6.52020-03-12
Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to CRLF Injection. This is exploitable if untrusted user input can appear in a response header.
- CVE-2020-6982HIGHCVSS 8.8EG 8.82020-03-24
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injection vulnerability has been identified, which may allow remote code execution.
- CVE-2020-7044HIGHCVSS 7.5EG 7.52020-01-16
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.
- CVE-2020-7045MEDIUMCVSS 6.5EG 6.52020-01-16
In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes.
- CVE-2020-7049HIGHCVSS 7.3EG 7.32020-06-30
Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection.
- CVE-2020-7111HIGHCVSS 7.2EG 7.22020-04-16
A server side injection vulnerability exists which could allow an authenticated administrative user to achieve Remote Code Execution in ClearPass. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher.
- CVE-2020-7171CRITICALCVSS 9.8EG 9.82020-10-19
A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
- CVE-2020-7172CRITICALCVSS 9.8EG 9.82020-10-19
A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
- CVE-2020-7464MEDIUMCVSS 5.3EG 5.32021-03-26
In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-RELEASE before p4, and 11.3-RELEASE before p14, a programming error in the ure(4) device driver caused some Realtek USB Ethernet interfaces to…
- CVE-2020-7475CRITICALCVSS 9.8EG 9.82020-03-23
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to 14.1 Hot Fix), Unity Pro (all versions)…
- CVE-2020-7489CRITICALCVSS 9.8EG 9.82020-04-22
A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability exists on EcoStruxure Machine Expert – Basic or SoMachine Basic programming software (versions in security notific…
- CVE-2020-7635CRITICALCVSS 9.8EG 9.82020-04-06
compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument.
- CVE-2020-7695MEDIUMCVSS 5.3EG 5.32020-07-27
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, …
- CVE-2020-7749HIGHCVSS 7.6EG 7.62020-10-20
This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending o…
- CVE-2020-7782CRITICALCVSS 9.8EG 9.82021-02-08
This affects all versions of package spritesheet-js. It depends on a vulnerable package platform-command. The injection point is located in line 32 in lib/generator.js, which is triggered by main entry of the package.
- CVE-2020-7786CRITICALCVSS 9.8EG 9.82021-02-08
This affects all versions of package macfromip. The injection point is located in line 66 in macfromip.js.
- CVE-2020-7799HIGHCVSS 7.2EG 7.22020-01-28
An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating sys…
- CVE-2020-7814HIGHCVSS 7.8EG 7.82020-07-10
RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability that could allow remote files to be downloaded and excuted by lack of validation to file extension, witch can used as remote-code-excution attacks by hackers File download …
- CVE-2020-7815HIGHCVSS 7.8EG 7.82020-07-10
XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. this can be leveraged for code execution. File download vulnerability in ____…
- CVE-2020-7947CRITICALCVSS 9.8EG 9.82020-04-01
An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validat…
- CVE-2020-7982HIGHCVSS 8.1EG 8.12020-03-16
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, …
- CVE-2020-8093MEDIUMCVSS 5.3EG 5.32020-01-30
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution
- CVE-2020-8177HIGHCVSS 7.8EG 7.12020-12-14
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
- CVE-2020-8468HIGHCVSS 8.8EG 9.0⚠ KEV2020-03-18
Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents are affected by a content validation escape vulnerability which could allow an attacker to manipulate certain agent client components. An a…
- CVE-2020-8478MEDIUMCVSS 5.3EG 5.32020-04-29
Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl (all published versions) enables an attacker authenticated o…
- CVE-2020-8515CRITICALCVSS 9.8EG 9.8⚠ KEV2020-02-01
DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. T…
- CVE-2020-8644CRITICALCVSS 9.8EG 9.8⚠ KEV2020-02-05
PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.
- CVE-2020-8797MEDIUMCVSS 6.7EG 6.72020-04-23
Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an unsanitized exec call (aka Command Line Injection), if the undocumented telnetd service is enabled and the attacker can authenticate as admin…
- CVE-2020-8800HIGHCVSS 8.8EG 8.82020-02-13
SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.
- CVE-2020-8801HIGHCVSS 7.2EG 7.22020-02-13
SuiteCRM through 7.11.11 allows PHAR Deserialization.
- CVE-2020-8821MEDIUMCVSS 5.4EG 5.42020-10-12
An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying lo…
- CVE-2020-9017HIGHCVSS 8.0EG 8.02020-02-25
LiteCart through 2.2.1 allows CSV injection via a customer's profile.
- CVE-2020-9092MEDIUMCVSS 4.6EG 4.62020-10-19
HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This c…
- CVE-2020-9254HIGHCVSS 7.8EG 7.82020-07-17
HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a logic check error vulnerability. A logic error occ…
- CVE-2020-9297CRITICALCVSS 9.8EG 9.82020-07-14
Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, includi…
- CVE-2020-9314MEDIUMCVSS 4.8EG 4.82020-05-10
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012…
- CVE-2020-9347CRITICALCVSS 9.8EG 9.82020-03-16
Zoho ManageEngine Password Manager Pro through 10.x has a CSV Excel Macro Injection vulnerability via a crafted name that is mishandled by the Export Passwords feature. NOTE: the vendor disputes the significance of this report because they…
- CVE-2020-9372HIGHCVSS 7.8EG 7.82020-03-04
The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.…
- CVE-2020-9376HIGHCVSS 7.5EG 9.02020-07-09
D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
- CVE-2020-9382MEDIUMCVSS 5.4EG 5.42020-02-24
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's {{#widget:}} parser function.
- CVE-2020-9406CRITICALCVSS 9.8EG 9.82020-02-26
IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.
- CVE-2020-9410HIGHCVSS 7.3EG 8.82020-05-20
The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Serv…
- CVE-2020-9428HIGHCVSS 7.5EG 7.52020-02-27
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.
- CVE-2020-9466MEDIUMCVSS 6.1EG 6.12020-02-28
The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection.
- CVE-2020-9495MEDIUMCVSS 5.3EG 5.32020-06-19
Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possi…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →