CWE-74— Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.— MITRE CWE catalog
5,076 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-74page 8 of 102
- CVE-2020-14434MEDIUMCVSS 6.8EG 6.82020-06-18
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.…
- CVE-2020-14435HIGHCVSS 8.8EG 8.82020-06-18
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.2.104, SRS60 before 2.5.2.104, SRR60 before 2.5.2.104, SRK60B03 before 2.5.2.104, SRK60B04 before 2.5.2.104, SRK60B05 b…
- CVE-2020-14436HIGHCVSS 8.8EG 8.82020-06-18
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 bef…
- CVE-2020-14505CRITICALCVSS 9.8EG 9.82020-07-15
Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. Successful exploitation of this vulnerability may allow an attacker to send a HTTP GET o…
- CVE-2020-14571HIGHCVSS 7.2EG 7.22020-07-15
Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticat…
- CVE-2020-1481HIGHCVSS 8.8EG 8.82020-07-14
A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project, aka 'Visual Studio Code ESLint Extention Remote Code Execution Vulnerability'.
- CVE-2020-14928MEDIUMCVSS 5.9EG 5.92020-07-17
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
- CVE-2020-14954MEDIUMCVSS 5.9EG 5.92020-06-21
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and …
- CVE-2020-14965MEDIUMCVSS 4.8EG 4.82020-06-23
On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with access to the admin panel can inject HTML code and change the HTML context of the target pages and stations in the access-control settings via targets_lists_name or hosts_…
- CVE-2020-14987HIGHCVSS 7.2EG 7.22021-03-11
An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts …
- CVE-2020-15011MEDIUMCVSS 4.3EG 4.32020-06-24
GNU Mailman before 2.1.33 allows arbitrary content injection via the Cgi/private.py private archive login page.
- CVE-2020-15070HIGHCVSS 8.8EG 8.82020-08-21
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.
- CVE-2020-15111MEDIUMCVSS 4.2EG 4.22020-07-20
In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped, and therefore vulnerable for a CRLF injection attack. I.e. an attacker could upload a custom filename and…
- CVE-2020-15140HIGHCVSS 8.2EG 8.22020-08-21
In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing…
- CVE-2020-15143HIGHCVSS 7.7EG 7.72020-08-20
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to acces…
- CVE-2020-15146CRITICALCVSS 9.6EG 9.62020-08-20
In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly. This allows the attacker to access…
- CVE-2020-15147HIGHCVSS 8.5EG 8.52020-08-21
Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's goin…
- CVE-2020-15164CRITICALCVSS 10.0EG 10.02020-08-28
in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This af…
- CVE-2020-15171MEDIUMCVSS 6.6EG 6.62020-09-10
In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke m…
- CVE-2020-15184LOWCVSS 3.7EG 3.72020-09-17
In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3…
- CVE-2020-15185LOWCVSS 2.2EG 2.22020-09-17
In Helm before versions 2.16.11 and 3.3.2, a Helm repository can contain duplicates of the same chart, with the last one always used. If a repository is compromised, this lowers the level of access that an attacker needs to inject a bad ch…
- CVE-2020-15186LOWCVSS 3.4EG 3.42020-09-17
In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of anoth…
- CVE-2020-15187LOWCVSS 3.0EG 3.02020-09-17
In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain duplicates of the same entry, with the last one always used. If a plugin is compromised, this lowers the level of access that an attacker needs to modify a plugin's insta…
- CVE-2020-15227HIGHCVSS 8.7EG 8.72020-10-01
Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.
- CVE-2020-15238HIGHCVSS 7.1EG 7.12020-10-27
Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polk…
- CVE-2020-15244HIGHCVSS 8.0EG 8.02020-10-21
In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product. The issue …
- CVE-2020-15252HIGHCVSS 8.5EG 8.52020-10-16
In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke met…
- CVE-2020-15255HIGHCVSS 8.7EG 8.72020-10-16
In Anuko Time Tracker before verion 1.19.23.5325, due to not properly filtered user input a CSV export of a report could contain cells that are treated as formulas by spreadsheet software (for example, when a cell value starts with an equa…
- CVE-2020-15348CRITICALCVSS 9.8EG 9.82020-06-26
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code.
- CVE-2020-15477CRITICALCVSS 9.8EG 9.82020-07-23
The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the parameter incomingString before passing it to th…
- CVE-2020-15489CRITICALCVSS 9.8EG 9.82020-07-01
An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges.
- CVE-2020-15690CRITICALCVSS 9.8EG 9.82021-01-30
In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.
- CVE-2020-15693MEDIUMCVSS 6.5EG 6.52020-08-14
In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as httpClient.get or httpClient.post), the U…
- CVE-2020-15816HIGHCVSS 8.8EG 8.82020-07-17
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.
- CVE-2020-15951MEDIUMCVSS 6.1EG 6.12020-11-05
Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect applicati…
- CVE-2020-15953HIGHCVSS 7.4EG 7.42020-07-27
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a me…
- CVE-2020-16087HIGHCVSS 8.6EG 8.62020-08-13
An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted file.
- CVE-2020-16230LOWCVSS 2.3EG 2.32020-09-18
All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as (*) under which domains can request resources. An attacker with local access and high privileges could inject scripts into the Cross-origin Resource Sharing (CORS) conf…
- CVE-2020-16254MEDIUMCVSS 6.1EG 6.12020-08-05
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute).
- CVE-2020-16268HIGHCVSS 8.8EG 8.82020-12-29
The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disabl…
- CVE-2020-16875HIGHCVSS 8.4EG 9.02020-09-11
<p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p> <p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the Sys…
- CVE-2020-17496CRITICALCVSS 9.8EG 9.8⚠ KEV2020-08-12
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.
- CVE-2020-1790HIGHCVSS 8.8EG 8.82020-02-18
GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could a…
- CVE-2020-17952CRITICALCVSS 9.8EG 9.82021-07-26
A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code.
- CVE-2020-1811HIGHCVSS 8.8EG 8.82020-02-18
GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Succ…
- CVE-2020-18875HIGHCVSS 8.8EG 8.82021-08-18
Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files.
- CVE-2020-1958MEDIUMCVSS 6.5EG 6.52020-04-01
When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authent…
- CVE-2020-1961CRITICALCVSS 9.8EG 9.82020-05-04
Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (…
- CVE-2020-20601CRITICALCVSS 9.8EG 9.82021-12-22
An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet.
- CVE-2020-21523CRITICALCVSS 9.8EG 9.82020-09-30
A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendere…
Map vulnerabilities like CWE-74 to your infrastructure
EchelonGraph correlates every CVE — across CWE-74 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →