Common Weakness Enumeration
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Show details on NVD website
Back to CWE stats page
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CVE-2026-5353 (GCVE-0-2026-5353)
Vulnerability from cvelistv5 – Published: 2026-04-02 16:15 – Updated: 2026-04-02 16:21 Unsupported When Assigned
VLAI
Title
Trendnet TEW-657BRM setup.cgi ping_test os command injection
Summary
A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argument c4_IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/354706 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/354706/cti | signaturepermissions-required |
| https://vuldb.com/submit/781566 | third-party-advisory |
| https://github.com/panda666-888/vuls/blob/main/tr… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trendnet | TEW-657BRM |
Affected:
1.00.1
cpe:2.3:o:trendnet:tew-657brm_firmware:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5353",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T16:20:40.314430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T16:21:43.958Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:trendnet:tew-657brm_firmware:*:*:*:*:*:*:*:*"
],
"product": "TEW-657BRM",
"vendor": "Trendnet",
"versions": [
{
"status": "affected",
"version": "1.00.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "panda_0x1 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argument c4_IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor confirms, that \"[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website\u0027s product support page and notify customers who registered their products with us.\" This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T16:15:15.653Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-354706 | Trendnet TEW-657BRM setup.cgi ping_test os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/354706"
},
{
"name": "VDB-354706 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/354706/cti"
},
{
"name": "Submit #781566 | TRENDnet TEW-657BRM 1.00.1 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/781566"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/panda666-888/vuls/blob/main/trendnet/tew-657brm/ping_test.md"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2026-04-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-01T18:52:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "Trendnet TEW-657BRM setup.cgi ping_test os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5353",
"datePublished": "2026-04-02T16:15:15.653Z",
"dateReserved": "2026-04-01T16:47:14.873Z",
"dateUpdated": "2026-04-02T16:21:43.958Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5354 (GCVE-0-2026-5354)
Vulnerability from cvelistv5 – Published: 2026-04-02 16:30 – Updated: 2026-04-02 18:58 Unsupported When Assigned
VLAI
Title
Trendnet TEW-657BRM setup.cgi vpn_connect os command injection
Summary
A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policy_name can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/354707 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/354707/cti | signaturepermissions-required |
| https://vuldb.com/submit/781568 | third-party-advisory |
| https://github.com/panda666-888/vuls/blob/main/tr… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trendnet | TEW-657BRM |
Affected:
1.00.1
cpe:2.3:o:trendnet:tew-657brm_firmware:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5354",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T18:58:03.728251Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:58:15.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:trendnet:tew-657brm_firmware:*:*:*:*:*:*:*:*"
],
"product": "TEW-657BRM",
"vendor": "Trendnet",
"versions": [
{
"status": "affected",
"version": "1.00.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "panda_0x1 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policy_name can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor confirms, that \"[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website\u0027s product support page and notify customers who registered their products with us.\" This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T16:30:13.623Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-354707 | Trendnet TEW-657BRM setup.cgi vpn_connect os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/354707"
},
{
"name": "VDB-354707 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/354707/cti"
},
{
"name": "Submit #781568 | TRENDnet TEW-657BRM 1.00.1 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/781568"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/panda666-888/vuls/blob/main/trendnet/tew-657brm/vpn_connect.md"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2026-04-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-01T18:52:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "Trendnet TEW-657BRM setup.cgi vpn_connect os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5354",
"datePublished": "2026-04-02T16:30:13.623Z",
"dateReserved": "2026-04-01T16:47:18.384Z",
"dateUpdated": "2026-04-02T18:58:15.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5355 (GCVE-0-2026-5355)
Vulnerability from cvelistv5 – Published: 2026-04-02 16:45 – Updated: 2026-04-02 18:59 Unsupported When Assigned
VLAI
Title
Trendnet TEW-657BRM setup.cgi vpn_drop os command injection
Summary
A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/354708 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/354708/cti | signaturepermissions-required |
| https://vuldb.com/submit/781569 | third-party-advisory |
| https://github.com/panda666-888/vuls/blob/main/tr… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Trendnet | TEW-657BRM |
Affected:
1.00.1
cpe:2.3:o:trendnet:tew-657brm_firmware:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5355",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-02T18:58:17.462387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T18:59:51.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:trendnet:tew-657brm_firmware:*:*:*:*:*:*:*:*"
],
"product": "TEW-657BRM",
"vendor": "Trendnet",
"versions": [
{
"status": "affected",
"version": "1.00.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "panda_0x1 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Trendnet TEW-657BRM 1.00.1. Affected by this issue is the function vpn_drop of the file /setup.cgi. The manipulation of the argument policy_name leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor confirms, that \"[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website\u0027s product support page and notify customers who registered their products with us.\" This vulnerability only affects products that are no longer supported by the maintainer."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T16:45:17.025Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-354708 | Trendnet TEW-657BRM setup.cgi vpn_drop os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/354708"
},
{
"name": "VDB-354708 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/354708/cti"
},
{
"name": "Submit #781569 | TRENDnet TEW-657BRM 1.00.1 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/781569"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/panda666-888/vuls/blob/main/trendnet/tew-657brm/vpn_drop.md"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2026-04-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-01T18:52:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "Trendnet TEW-657BRM setup.cgi vpn_drop os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5355",
"datePublished": "2026-04-02T16:45:17.025Z",
"dateReserved": "2026-04-01T16:47:21.513Z",
"dateUpdated": "2026-04-02T18:59:51.603Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54090 (GCVE-0-2026-54090)
Vulnerability from cvelistv5 – Published: 2026-06-25 17:51 – Updated: 2026-06-26 15:32
VLAI
Title
File Browser: Command Allowlist Bypass via Shell Metacharacter Injection
Summary
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.33.8, when a shell interpreter is configured (e.g. /bin/sh -c), the command allowlist can be bypassed through shell metacharacters. The allowlist validates only the first token of user input, but the entire raw string is handed to the shell — semicolons, pipes, backticks, and $() all work to chain arbitrary commands after a permitted one. This vulnerability is fixed in 2.33.8.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/filebrowser/filebrowser/securi… | x_refsource_CONFIRM |
| https://github.com/filebrowser/filebrowser/issues/5199 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| filebrowser | filebrowser |
Affected:
< 2.33.8
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54090",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-26T15:28:16.070106Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-26T15:32:50.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-8c9q-7855-wfxq"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "filebrowser",
"vendor": "filebrowser",
"versions": [
{
"status": "affected",
"version": "\u003c 2.33.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.33.8, when a shell interpreter is configured (e.g. /bin/sh -c), the command allowlist can be bypassed through shell metacharacters. The allowlist validates only the first token of user input, but the entire raw string is handed to the shell \u2014 semicolons, pipes, backticks, and $() all work to chain arbitrary commands after a permitted one. This vulnerability is fixed in 2.33.8."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184: Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T17:51:17.656Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-8c9q-7855-wfxq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-8c9q-7855-wfxq"
},
{
"name": "https://github.com/filebrowser/filebrowser/issues/5199",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/filebrowser/filebrowser/issues/5199"
}
],
"source": {
"advisory": "GHSA-8c9q-7855-wfxq",
"discovery": "UNKNOWN"
},
"title": "File Browser: Command Allowlist Bypass via Shell Metacharacter Injection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54090",
"datePublished": "2026-06-25T17:51:17.656Z",
"dateReserved": "2026-06-11T18:44:47.761Z",
"dateUpdated": "2026-06-26T15:32:50.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5463 (GCVE-0-2026-5463)
Vulnerability from cvelistv5 – Published: 2026-04-03 04:32 – Updated: 2026-04-03 15:35
VLAI
Summary
Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended commands, potentially leading to arbitrary command execution and manipulation of Metasploit sessions.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-77 - Improper neutralization of special elements leading to command injection
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dan McInerney | pymetasploit3 |
Affected:
0 , ≤ 1.0.6
(python)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T15:34:20.114267Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T15:35:09.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/pymetasploit3/",
"defaultStatus": "unaffected",
"packageName": "pymetasploit3",
"product": "pymetasploit3",
"vendor": "Dan McInerney",
"versions": [
{
"lessThanOrEqual": "1.0.6",
"status": "affected",
"version": "0",
"versionType": "python"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Abdivasiyev Sunnatillo"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended commands, potentially leading to arbitrary command execution and manipulation of Metasploit sessions."
}
],
"value": "Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline characters into module options such as RHOSTS. This breaks the intended command structure and causes the Metasploit console to execute additional unintended commands, potentially leading to arbitrary command execution and manipulation of Metasploit sessions."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker who can control module option values such as RHOSTS may inject newline characters to execute arbitrary commands in the Metasploit console context. This may allow execution of unintended modules, manipulation of active sessions, and abuse of automated exploitation workflows."
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper neutralization of special elements leading to command injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T04:32:23.872Z",
"orgId": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c",
"shortName": "TuranSec"
},
"references": [
{
"url": "https://github.com/DanMcInerney/pymetasploit3"
},
{
"url": "https://pypi.org/project/pymetasploit3/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c",
"assignerShortName": "TuranSec",
"cveId": "CVE-2026-5463",
"datePublished": "2026-04-03T04:32:23.872Z",
"dateReserved": "2026-04-03T04:28:08.555Z",
"dateUpdated": "2026-04-03T15:35:09.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5528 (GCVE-0-2026-5528)
Vulnerability from cvelistv5 – Published: 2026-04-04 23:30 – Updated: 2026-04-06 16:39
VLAI
Title
MoussaabBadla code-screenshot-mcp HTTP os command injection
Summary
A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355281 | vdb-entry |
| https://vuldb.com/vuln/355281/cti | signaturepermissions-required |
| https://vuldb.com/submit/782064 | third-party-advisory |
| https://github.com/wing3e/public_exp/issues/23 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| MoussaabBadla | code-screenshot-mcp |
Affected:
0.1.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5528",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T16:38:55.580133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T16:39:10.209Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP Interface"
],
"product": "code-screenshot-mcp",
"vendor": "MoussaabBadla",
"versions": [
{
"status": "affected",
"version": "0.1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "BruceJin (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in MoussaabBadla code-screenshot-mcp up to 0.1.0. This affects an unknown part of the component HTTP Interface. Such manipulation leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T23:30:14.629Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355281 | MoussaabBadla code-screenshot-mcp HTTP os command injection",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/355281"
},
{
"name": "VDB-355281 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355281/cti"
},
{
"name": "Submit #782064 | MoussaabBadla code-screenshot-mcp 0.1.0 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782064"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/wing3e/public_exp/issues/23"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T08:29:24.000Z",
"value": "VulDB entry last update"
}
],
"title": "MoussaabBadla code-screenshot-mcp HTTP os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5528",
"datePublished": "2026-04-04T23:30:14.629Z",
"dateReserved": "2026-04-04T06:24:19.838Z",
"dateUpdated": "2026-04-06T16:39:10.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5532 (GCVE-0-2026-5532)
Vulnerability from cvelistv5 – Published: 2026-04-05 01:15 – Updated: 2026-04-06 17:58
VLAI
Title
ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection
Summary
A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create_sandbox_and_execute of the file scrapegraphai/nodes/generate_code_node.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355285 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/355285/cti | signaturepermissions-required |
| https://vuldb.com/submit/782169 | third-party-advisory |
| https://github.com/August829/CVEP/issues/19 | exploitissue-tracking |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ScrapeGraphAI | scrapegraph-ai |
Affected:
1.0
Affected: 1.1 Affected: 1.2 Affected: 1.3 Affected: 1.4 Affected: 1.5 Affected: 1.6 Affected: 1.7 Affected: 1.8 Affected: 1.9 Affected: 1.10 Affected: 1.11 Affected: 1.12 Affected: 1.13 Affected: 1.14 Affected: 1.15 Affected: 1.16 Affected: 1.17 Affected: 1.18 Affected: 1.19 Affected: 1.20 Affected: 1.21 Affected: 1.22 Affected: 1.23 Affected: 1.24 Affected: 1.25 Affected: 1.26 Affected: 1.27 Affected: 1.28 Affected: 1.29 Affected: 1.30 Affected: 1.31 Affected: 1.32 Affected: 1.33 Affected: 1.34 Affected: 1.35 Affected: 1.36 Affected: 1.37 Affected: 1.38 Affected: 1.39 Affected: 1.40 Affected: 1.41 Affected: 1.42 Affected: 1.43 Affected: 1.44 Affected: 1.45 Affected: 1.46 Affected: 1.47 Affected: 1.48 Affected: 1.49 Affected: 1.50 Affected: 1.51 Affected: 1.52 Affected: 1.53 Affected: 1.54 Affected: 1.55 Affected: 1.56 Affected: 1.57 Affected: 1.58 Affected: 1.59 Affected: 1.60 Affected: 1.61 Affected: 1.62 Affected: 1.63 Affected: 1.64 Affected: 1.65 Affected: 1.66 Affected: 1.67 Affected: 1.68 Affected: 1.69 Affected: 1.70 Affected: 1.71 Affected: 1.72 Affected: 1.73 Affected: 1.74.0 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5532",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T17:58:16.006523Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T17:58:29.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"GenerateCodeNode Component"
],
"product": "scrapegraph-ai",
"vendor": "ScrapeGraphAI",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
},
{
"status": "affected",
"version": "1.12"
},
{
"status": "affected",
"version": "1.13"
},
{
"status": "affected",
"version": "1.14"
},
{
"status": "affected",
"version": "1.15"
},
{
"status": "affected",
"version": "1.16"
},
{
"status": "affected",
"version": "1.17"
},
{
"status": "affected",
"version": "1.18"
},
{
"status": "affected",
"version": "1.19"
},
{
"status": "affected",
"version": "1.20"
},
{
"status": "affected",
"version": "1.21"
},
{
"status": "affected",
"version": "1.22"
},
{
"status": "affected",
"version": "1.23"
},
{
"status": "affected",
"version": "1.24"
},
{
"status": "affected",
"version": "1.25"
},
{
"status": "affected",
"version": "1.26"
},
{
"status": "affected",
"version": "1.27"
},
{
"status": "affected",
"version": "1.28"
},
{
"status": "affected",
"version": "1.29"
},
{
"status": "affected",
"version": "1.30"
},
{
"status": "affected",
"version": "1.31"
},
{
"status": "affected",
"version": "1.32"
},
{
"status": "affected",
"version": "1.33"
},
{
"status": "affected",
"version": "1.34"
},
{
"status": "affected",
"version": "1.35"
},
{
"status": "affected",
"version": "1.36"
},
{
"status": "affected",
"version": "1.37"
},
{
"status": "affected",
"version": "1.38"
},
{
"status": "affected",
"version": "1.39"
},
{
"status": "affected",
"version": "1.40"
},
{
"status": "affected",
"version": "1.41"
},
{
"status": "affected",
"version": "1.42"
},
{
"status": "affected",
"version": "1.43"
},
{
"status": "affected",
"version": "1.44"
},
{
"status": "affected",
"version": "1.45"
},
{
"status": "affected",
"version": "1.46"
},
{
"status": "affected",
"version": "1.47"
},
{
"status": "affected",
"version": "1.48"
},
{
"status": "affected",
"version": "1.49"
},
{
"status": "affected",
"version": "1.50"
},
{
"status": "affected",
"version": "1.51"
},
{
"status": "affected",
"version": "1.52"
},
{
"status": "affected",
"version": "1.53"
},
{
"status": "affected",
"version": "1.54"
},
{
"status": "affected",
"version": "1.55"
},
{
"status": "affected",
"version": "1.56"
},
{
"status": "affected",
"version": "1.57"
},
{
"status": "affected",
"version": "1.58"
},
{
"status": "affected",
"version": "1.59"
},
{
"status": "affected",
"version": "1.60"
},
{
"status": "affected",
"version": "1.61"
},
{
"status": "affected",
"version": "1.62"
},
{
"status": "affected",
"version": "1.63"
},
{
"status": "affected",
"version": "1.64"
},
{
"status": "affected",
"version": "1.65"
},
{
"status": "affected",
"version": "1.66"
},
{
"status": "affected",
"version": "1.67"
},
{
"status": "affected",
"version": "1.68"
},
{
"status": "affected",
"version": "1.69"
},
{
"status": "affected",
"version": "1.70"
},
{
"status": "affected",
"version": "1.71"
},
{
"status": "affected",
"version": "1.72"
},
{
"status": "affected",
"version": "1.73"
},
{
"status": "affected",
"version": "1.74.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yu Bao (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create_sandbox_and_execute of the file scrapegraphai/nodes/generate_code_node.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-05T01:15:12.639Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355285 | ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/355285"
},
{
"name": "VDB-355285 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355285/cti"
},
{
"name": "Submit #782169 | ScrapeGraphAI scrapegraph-ai 1.74.0 Remote Code Execution (RCE)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782169"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/August829/CVEP/issues/19"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T08:38:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5532",
"datePublished": "2026-04-05T01:15:12.639Z",
"dateReserved": "2026-04-04T06:33:31.353Z",
"dateUpdated": "2026-04-06T17:58:29.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5547 (GCVE-0-2026-5547)
Vulnerability from cvelistv5 – Published: 2026-04-05 07:15 – Updated: 2026-04-06 14:51
VLAI
Title
Tenda AC10 httpd formAddMacfilterRule os command injection
Summary
A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355311 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/355311/cti | signaturepermissions-required |
| https://vuldb.com/submit/782296 | third-party-advisory |
| https://github.com/somanyerrors/tenda-ac10v4-vuln… | related |
| https://www.tenda.com.cn/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T14:02:32.706573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T14:51:06.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:tenda:ac10_firmware:*:*:*:*:*:*:*:*"
],
"product": "AC10",
"vendor": "Tenda",
"versions": [
{
"status": "affected",
"version": "16.03.10.10_multi_TDE01"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CoreNode (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda AC10 16.03.10.10_multi_TDE01. Affected is the function formAddMacfilterRule of the file /bin/httpd. Such manipulation leads to os command injection. It is possible to launch the attack remotely. Multiple endpoints might be affected."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-05T07:15:15.874Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355311 | Tenda AC10 httpd formAddMacfilterRule os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/355311"
},
{
"name": "VDB-355311 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355311/cti"
},
{
"name": "Submit #782296 | Tenda AC10 V4 US_AC10V4.0si_V16.03.10.10_multi_TDE01 OS Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/782296"
},
{
"tags": [
"related"
],
"url": "https://github.com/somanyerrors/tenda-ac10v4-vulnerabilities/blob/main/findings/CRITICAL-03-command-injection-formaddmacfilterrule.md"
},
{
"tags": [
"product"
],
"url": "https://www.tenda.com.cn/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-04T15:33:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "Tenda AC10 httpd formAddMacfilterRule os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5547",
"datePublished": "2026-04-05T07:15:15.874Z",
"dateReserved": "2026-04-04T13:27:55.189Z",
"dateUpdated": "2026-04-06T14:51:06.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5602 (GCVE-0-2026-5602)
Vulnerability from cvelistv5 – Published: 2026-04-05 22:15 – Updated: 2026-04-06 15:05 X_Open Source
VLAI
Title
Nor2-io heim-mcp new_heim_application tools.ts registerTools os command injection
Summary
A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component new_heim_application/deploy_heim_application/deploy_heim_application_to_cloud. This manipulation causes os command injection. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name: c321d8af25f77668781e6ccb43a1336f9185df37. It is suggested to install a patch to address this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355394 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/355394/cti | signaturepermissions-required |
| https://vuldb.com/submit/784862 | third-party-advisory |
| https://github.com/Nor2-io/heim-mcp/issues/1 | issue-tracking |
| https://github.com/Nor2-io/heim-mcp/pull/2 | issue-trackingpatch |
| https://github.com/user-attachments/files/2588948… | exploit |
| https://github.com/Nor2-io/heim-mcp/commit/c321d8… | patch |
| https://github.com/Nor2-io/heim-mcp/ | product |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5602",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T15:05:49.703063Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T15:05:58.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"new_heim_application/deploy_heim_application/deploy_heim_application_to_cloud"
],
"product": "heim-mcp",
"vendor": "Nor2-io",
"versions": [
{
"status": "affected",
"version": "0.1.0"
},
{
"status": "affected",
"version": "0.1.1"
},
{
"status": "affected",
"version": "0.1.2"
},
{
"status": "affected",
"version": "0.1.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yinci Chen (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component new_heim_application/deploy_heim_application/deploy_heim_application_to_cloud. This manipulation causes os command injection. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name: c321d8af25f77668781e6ccb43a1336f9185df37. It is suggested to install a patch to address this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-05T22:15:15.172Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355394 | Nor2-io heim-mcp new_heim_application tools.ts registerTools os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/355394"
},
{
"name": "VDB-355394 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355394/cti"
},
{
"name": "Submit #784862 | Nor2-io heim-mcp \u003c=0.1.3 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/784862"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/Nor2-io/heim-mcp/issues/1"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/Nor2-io/heim-mcp/pull/2"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/user-attachments/files/25889482/heim-mcp_bug.pdf"
},
{
"tags": [
"patch"
],
"url": "https://github.com/Nor2-io/heim-mcp/commit/c321d8af25f77668781e6ccb43a1336f9185df37"
},
{
"tags": [
"product"
],
"url": "https://github.com/Nor2-io/heim-mcp/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-04-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-05T15:35:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "Nor2-io heim-mcp new_heim_application tools.ts registerTools os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5602",
"datePublished": "2026-04-05T22:15:15.172Z",
"dateReserved": "2026-04-05T13:30:33.910Z",
"dateUpdated": "2026-04-06T15:05:58.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5603 (GCVE-0-2026-5603)
Vulnerability from cvelistv5 – Published: 2026-04-05 22:30 – Updated: 2026-04-06 14:50 X_Open Source
VLAI
Title
elgentos magento2-dev-mcp index.ts executeMagerun2Command os command injection
Summary
A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to os command injection. An attack has to be approached locally. The exploit is publicly available and might be used. The name of the patch is aa1ffcc0aea1b212c69787391783af27df15ae9d. A patch should be applied to remediate this issue.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/355395 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/355395/cti | signaturepermissions-required |
| https://vuldb.com/submit/784864 | third-party-advisory |
| https://github.com/elgentos/magento2-dev-mcp/issues/4 | issue-tracking |
| https://github.com/elgentos/magento2-dev-mcp/pull/5 | issue-trackingpatch |
| https://github.com/user-attachments/files/2589577… | exploit |
| https://github.com/elgentos/magento2-dev-mcp/comm… | patch |
| https://github.com/elgentos/magento2-dev-mcp/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| elgentos | magento2-dev-mcp |
Affected:
1.0.0
Affected: 1.0.1 Affected: 1.0.2 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5603",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-06T14:33:52.746299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-06T14:50:10.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "magento2-dev-mcp",
"vendor": "elgentos",
"versions": [
{
"status": "affected",
"version": "1.0.0"
},
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "1.0.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Yinci Chen (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to os command injection. An attack has to be approached locally. The exploit is publicly available and might be used. The name of the patch is aa1ffcc0aea1b212c69787391783af27df15ae9d. A patch should be applied to remediate this issue."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4.3,
"vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-05T22:30:16.507Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-355395 | elgentos magento2-dev-mcp index.ts executeMagerun2Command os command injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/355395"
},
{
"name": "VDB-355395 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/355395/cti"
},
{
"name": "Submit #784864 | elgentos magento2-dev-mcp \u003c=1.0.2 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/784864"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/elgentos/magento2-dev-mcp/issues/4"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/elgentos/magento2-dev-mcp/pull/5"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/user-attachments/files/25895777/magento2-dev-mcp_bug.pdf"
},
{
"tags": [
"patch"
],
"url": "https://github.com/elgentos/magento2-dev-mcp/commit/aa1ffcc0aea1b212c69787391783af27df15ae9d"
},
{
"tags": [
"product"
],
"url": "https://github.com/elgentos/magento2-dev-mcp/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-04-05T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-04-05T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-04-05T16:03:13.000Z",
"value": "VulDB entry last update"
}
],
"title": "elgentos magento2-dev-mcp index.ts executeMagerun2Command os command injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-5603",
"datePublished": "2026-04-05T22:30:16.507Z",
"dateReserved": "2026-04-05T13:58:08.432Z",
"dateUpdated": "2026-04-06T14:50:10.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- If at all possible, use library calls rather than external processes to recreate the desired functionality.
Mitigation
Phase: Implementation
Description:
- If possible, ensure that all external commands called from the program are statically created.
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation
Phase: Operation
Description:
- Run time: Run time policy enforcement may be used in an allowlist fashion to prevent use of any non-sanctioned commands.
Mitigation
Phase: System Configuration
Description:
- Assign permissions that prevent the user from accessing/opening privileged files.
CAPEC-136: LDAP Injection
An attacker manipulates or crafts an LDAP query for the purpose of undermining the security of the target. Some applications use user input to create LDAP queries that are processed by an LDAP server. For example, a user might provide their username during authentication and the username might be inserted in an LDAP query during the authentication process. An attacker could use this input to inject additional commands into an LDAP query that could disclose sensitive information. For example, entering a * in the aforementioned query might return information about all users on the system. This attack is very similar to an SQL injection attack in that it manipulates a query to gather additional information or coerce a particular return value.
CAPEC-15: Command Delimiters
An attack of this type exploits a programs' vulnerabilities that allows an attacker's commands to be concatenated onto a legitimate command with the intent of targeting other resources such as the file system or database. The system that uses a filter or denylist input validation, as opposed to allowlist validation is vulnerable to an attacker who predicts delimiters (or combinations of delimiters) not present in the filter or denylist. As with other injection attacks, the attacker uses the command delimiter payload as an entry point to tunnel through the application and activate additional attacks through SQL queries, shell commands, network scanning, and so on.
CAPEC-183: IMAP/SMTP Command Injection
An adversary exploits weaknesses in input validation on web-mail servers to execute commands on the IMAP/SMTP server. Web-mail servers often sit between the Internet and the IMAP or SMTP mail server. User requests are received by the web-mail servers which then query the back-end mail server for the requested information and return this response to the user. In an IMAP/SMTP command injection attack, mail-server commands are embedded in parts of the request sent to the web-mail server. If the web-mail server fails to adequately sanitize these requests, these commands are then sent to the back-end mail server when it is queried by the web-mail server, where the commands are then executed. This attack can be especially dangerous since administrators may assume that the back-end server is protected against direct Internet access and therefore may not secure it adequately against the execution of malicious commands.
CAPEC-248: Command Injection
An adversary looking to execute a command of their choosing, injects new items into an existing command thus modifying interpretation away from what was intended. Commands in this context are often standalone strings that are interpreted by a downstream component and cause specific responses. This type of attack is possible when untrusted values are used to build these command strings. Weaknesses in input validation or command construction can enable the attack and lead to successful exploitation.
CAPEC-40: Manipulating Writeable Terminal Devices
This attack exploits terminal devices that allow themselves to be written to by other users. The attacker sends command strings to the target terminal device hoping that the target user will hit enter and thereby execute the malicious command with their privileges. The attacker can send the results (such as copying /etc/passwd) to a known directory and collect once the attack has succeeded.
CAPEC-43: Exploiting Multiple Input Interpretation Layers
An attacker supplies the target software with input data that contains sequences of special characters designed to bypass input validation logic. This exploit relies on the target making multiples passes over the input data and processing a "layer" of special characters with each pass. In this manner, the attacker can disguise input that would otherwise be rejected as invalid by concealing it with layers of special/escape characters that are stripped off by subsequent processing steps. The goal is to first discover cases where the input validation layer executes before one or more parsing layers. That is, user input may go through the following logic in an application: <parser1> --> <input validator> --> <parser2>. In such cases, the attacker will need to provide input that will pass through the input validator, but after passing through parser2, will be converted into something that the input validator was supposed to stop.
CAPEC-75: Manipulating Writeable Configuration Files
Generally these are manually edited files that are not in the preview of the system administrators, any ability on the attackers' behalf to modify these files, for example in a CVS repository, gives unauthorized access directly to the application, the same as authorized users.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.