BaseDraft
CWE-88Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Category: injection
Description
The product constructs a string for a command to be executed by a separate component
in another control sphere, but it does not properly delimit the
intended arguments, options, or switches within that command string.
Common consequences· 1
- Confidentiality / Integrity / Availability / Other — Execute Unauthorized Code or Commands, Alter Execution Logic, Read Application Data, Modify Application DataAn attacker could include arguments that allow unintended commands or code to be executed, allow sensitive data to be read or modified or could cause other unintended behavior.
Potential mitigations· 5
- [Implementation]Where possible, avoid building a single string that contains the command and its arguments. Some languages or frameworks have functions that support specifying independent arguments, e.g. as an array, which is used to automatically perform the appropriate quoting or escaping while building the command. For example, in PHP, escapeshellarg() can be used to escape a single argument to system(), or exec() can be called with an array of arguments. In C, code can often be refactored from using system() - which accepts a single string - to using exec(), which requires separate function arguments for each parameter.
- [Architecture and Design]Understand all the potential areas where untrusted inputs can enter your product: parameters or arguments, cookies, anything read from the network, environment variables, request headers as well as content, URL components, e-mail, files, databases, and any external systems that provide data to the application. Perform input validation at well-defined interfaces.
- [Implementation]
- [Implementation]Directly convert your input type into the expected data type, such as using a conversion function that translates a string into a number. After converting to the expected data type, ensure that the input's values fall within the expected range of allowable values and that multi-field consistencies are maintained.
- [Implementation]
Related CAPEC attack patterns· 5
References
Exploits (incoming)5
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Parameter Injectioncapec-137 | 100% | live |
| AttackPattern | Flash Parameter Injectioncapec-174 | 100% | live |
| AttackPattern | OS Command Injectioncapec-88 | 100% | live |
| AttackPattern | HTTP Parameter Pollution (HPP)capec-460 | 100% | live |
| AttackPattern | Using Meta-characters in E-mail Headers to Inject Malicious Payloadscapec-41 | 100% | live |
(incoming)44
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Vulnerability | CVE-2025-12556cve-2025-12556 | 0% | live |
| Vulnerability | CVE-2025-12613cve-2025-12613 | 0% | live |
| Vulnerability | CVE-2025-1712cve-2025-1712 | 0% | live |
| Vulnerability | CVE-2025-21613cve-2025-21613 | 0% | live |
| Vulnerability | CVE-2025-31499cve-2025-31499 | 0% | live |
| Vulnerability | CVE-2025-32931cve-2025-32931 | 0% | live |
| Vulnerability | CVE-2025-3945cve-2025-3945 | 0% | live |
| Vulnerability | CVE-2025-46835cve-2025-46835 | 0% | live |
| Vulnerability | CVE-2025-49520cve-2025-49520 | 0% | live |
| Vulnerability | CVE-2025-52480cve-2025-52480 | 0% | live |
| Vulnerability | CVE-2025-59937cve-2025-59937 | 0% | live |
| Vulnerability | CVE-2025-70327cve-2025-70327 | 0% | live |
| Vulnerability | CVE-2026-0774cve-2026-0774 | 0% | live |
| Vulnerability | CVE-2026-22168cve-2026-22168 | 0% | live |
| Vulnerability | CVE-2026-22582cve-2026-22582 | 0% | live |
| Vulnerability | CVE-2026-22583cve-2026-22583 | 0% | live |
| Vulnerability | CVE-2026-22738cve-2026-22738 | 0% | live |
| Vulnerability | CVE-2026-2298cve-2026-2298 | 0% | live |
| Vulnerability | GNU InetUtils Argument Injection Vulnerabilitycve-2026-24061 | 0% | live |
| Vulnerability | CVE-2026-24126cve-2026-24126 | 0% | live |
| Vulnerability | CVE-2026-25134cve-2026-25134 | 0% | live |
| Vulnerability | CVE-2026-27613cve-2026-27613 | 0% | live |
| Vulnerability | CVE-2026-27947cve-2026-27947 | 0% | live |
| Vulnerability | CVE-2026-31230cve-2026-31230 | 0% | live |
| Vulnerability | CVE-2026-35033cve-2026-35033 | 0% | live |
| Vulnerability | CVE-2026-3515cve-2026-3515 | 0% | live |
| Vulnerability | CVE-2026-39884cve-2026-39884 | 0% | live |
| Vulnerability | CVE-2026-40113cve-2026-40113 | 0% | live |
| Vulnerability | CVE-2026-40281cve-2026-40281 | 0% | live |
| Vulnerability | CVE-2026-40938cve-2026-40938 | 0% | live |
Showing top 30 of 44 by confidence. Click any target to see the full neighbourhood.
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.