
CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')) — Vulnerability Class, 375 CVEs

375 vulnerabilities are classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')). AI analysis in Chinese is included.

CWE-74 represents a critical input validation weakness where software constructs commands, data structures, or records using externally influenced input without properly neutralizing special elements. This flaw allows attackers to inject malicious syntax that alters the intended interpretation of the downstream component, leading to severe consequences such as unauthorized command execution, data manipulation, or system compromise. Exploitation typically occurs when user-supplied data is directly concatenated into queries or system calls without sanitization. To prevent this, developers must implement rigorous input validation, ensuring all external data is strictly checked against expected formats. Furthermore, utilizing parameterized queries, safe APIs, and context-specific encoding techniques ensures that special characters are treated as literal data rather than executable instructions, effectively neutralizing potential injection vectors before they reach the downstream processor.

MITRE CWE Description
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Common Consequences (5)
Confidentiality: Read Application Data
Many injection attacks involve the disclosure of important information -- in terms of both data sensitivity and usefulness in further exploitation.
Access Control: Bypass Protection Mechanism
In some cases, injectable code controls authentication; this may lead to a remote vulnerability.
Other: Alter Execution Logic
Injection attacks are characterized by the ability to significantly change the flow of a given process, and in some cases, to the execution of arbitrary code.
Integrity, Other: Other
Data injection attacks lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing.
Non-Repudiation: Hide Activities
Often the actions performed by injected control code are unlogged.
Mitigations (2)
Requirements: Programming languages and supporting technologies might be chosen which are not subject to these issues.
Implementation: Utilize an appropriate mix of allowlist and denylist parsing to filter control-plane syntax from all input.
Examples (2)
This example code intends to take the name of a user and list the contents of that user's home directory. It is subject to the first variant of OS command injection.
$userName = $_POST["user"];                 // attacker-controlled POST field
$command = 'ls -l /home/' . $userName;      // concatenated straight into a shell command line
system($command);                           // executed by the shell, so ';' starts a second command
Bad · PHP
;rm -rf /
Attack
The following code segment reads the name of the author of a weblog entry, author, from an HTTP request and sets it in a cookie header of an HTTP response.
String author = request.getParameter(AUTHOR_PARAM);   // attacker-controlled request parameter
...
Cookie cookie = new Cookie("author", author);         // value copied into a response header unchecked
cookie.setMaxAge(cookieExpiration);
response.addCookie(cookie);
Bad · Java
HTTP/1.1 200 OK ... Set-Cookie: author=Jane Smith ...
Result
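A hardened counterpart to the two MITRE examples above, written for this page as an illustration rather than taken from MITRE or from any project. It applies the two approaches named under Mitigations: an allowlist for the OS-command case and a denylist of header control syntax for the cookie case. The function names (is_valid_user_name, build_ls_argv, has_header_control_chars, set_cookie_header) are hypothetical, and the login-name pattern is an assumption about what the application accepts.

```python
import re
import subprocess
from urllib.parse import quote

# Hypothetical helpers written for this page; not MITRE's code and not a library API.

# Allowlist for the OS-command case: a POSIX-style login name and nothing else,
# so shell metacharacters such as ';' and path separators can never pass.
USER_NAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


def is_valid_user_name(user_name: str) -> bool:
    return USER_NAME_RE.fullmatch(user_name) is not None


def build_ls_argv(user_name: str) -> list:
    """Argument vector for `ls -l /home/<user>`, built only after validation.

    The command is a list handed to the OS directly (no shell), so the
    ';rm -rf /' payload from the PHP example is rejected here and, even if a
    bad value slipped through, it would reach ls as one argument rather than
    as a second command.
    """
    if not is_valid_user_name(user_name):
        raise ValueError(f"rejected user name: {user_name!r}")
    return ["ls", "-l", "/home/" + user_name]


def list_home(user_name: str) -> str:
    return subprocess.run(build_ls_argv(user_name), capture_output=True,
                          text=True, check=False).stdout


# Denylist for the HTTP-header case: CR, LF and NUL are the control-plane
# syntax that ends a header line, so their presence marks an injection attempt
# worth rejecting and logging rather than silently stripping.
def has_header_control_chars(value: str) -> bool:
    return any(ch in value for ch in "\r\n\x00")


def set_cookie_header(name: str, value: str) -> str:
    """Return a Set-Cookie line whose value cannot start a new header."""
    if has_header_control_chars(value):
        raise ValueError("control characters in cookie value")
    # Percent-encode everything outside the unreserved set, so ';', ',', '"',
    # whitespace and non-ASCII stay inside the value instead of being parsed
    # as cookie attributes or header separators.
    return f"Set-Cookie: {name}={quote(value, safe='')}"


if __name__ == "__main__":
    print(build_ls_argv("alice"))
    print(set_cookie_header("author", "Jane Smith"))
```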
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2025-67486 | Dolibarr has an Authenticated Remote Code Execution via eval() injection in user extrafields | dolibarr | 7.2 (AI) | High (AI) | 2026-05-08
CVE-2026-26164 | M365 Copilot Information Disclosure Vulnerability | Microsoft 365 Copilot's Business Chat | 7.5 | High | 2026-05-07
CVE-2026-7045 | baomidou dynamic-datasource StandardEvaluationContext/SpelExpressionParser DsSpelExpressionProcessor.java DsSpelExpressionProcessor#doDetermineDatasource injection | dynamic-datasource | 6.3 | Medium | 2026-04-26
CVE-2026-6994 | Envoy Query Parameter header_mutation.cc params.add injection | Envoy | 6.3 | Medium | 2026-04-25
CVE-2026-41319 | MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade | MailKit | 6.5 | Medium | 2026-04-24
CVE-2026-1089 | User-Controlled HTTP Header In Fortra's GoAnywhere MFT Allows Arbitrary DNS Lookups | GoAnywhere MFT | 6.5 | Medium | 2026-04-21
CVE-2026-0972 | HTML Injection possible in system generated emails in Fortra's GoAnywhere MFT | GoAnywhere MFT | 5.4 | Medium | 2026-04-21
CVE-2026-6599 | langflow-ai langflow Model Context Protocol Configuration API mcp_projects.py install_mcp_config injection | langflow | 6.3 | Medium | 2026-04-20
CVE-2026-5797 | Quiz and Survey Master (QSM) <= 11.1.0 - Unauthenticated Shortcode Injection Leading to Arbitrary Quiz Result Disclosure via Quiz Answer Text Input Fields | Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | 5.3 | Medium | 2026-04-17
CVE-2026-39419 | MaxKB: Sandbox Result Validation Bypass via Tool Output Spoofing | MaxKB | 3.1 | Low | 2026-04-14
CVE-2026-35515 | @nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection') | nest | 6.5 (AI) | Medium (AI) | 2026-04-07
CVE-2026-5561 | Campcodes Complete POS Management and Inventory System Environment Variable SettingsController.php injection | Complete POS Management and Inventory System | 6.3 | Medium | 2026-04-05
CVE-2026-34767 | Electron: HTTP Response Header Injection in custom protocol handlers and webRequest | electron | 5.9 | Medium | 2026-04-03
CVE-2026-34041 | act: Unrestricted set-env and add-path command processing enables environment injection | act | 7.1 (AI) | High (AI) | 2026-03-31
CVE-2026-5002 | PromtEngineer localGPT LLM Prompt server.py _route_using_overviews injection | localGPT | 7.3 | High | 2026-03-28
CVE-2026-32695 | Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass | traefik | 10.0 | - | 2026-03-27
CVE-2026-33148 | URL Parameter Injection in FDC Food Search API Causes Server Crash and Exposes Internal API Key | recipes | 6.5 | Medium | 2026-03-26
CVE-2026-30932 | Froxlor is vulnerable to BIND zone file injection via unsanitized DNS record content in DomainZones API | froxlor | 7.5 | - | 2026-03-24
CVE-2026-33475 | Langflow GitHub Actions Shell Injection | langflow | 9.1 | Critical | 2026-03-24
CVE-2026-33202 | Rails Active Storage has possible glob injection in its DiskService | activestorage | 8.1 | - | 2026-03-23
CVE-2026-4516 | Foundation Agents MetaGPT DataInterpreter write_analysis_code.py injection | MetaGPT | 6.3 | Medium | 2026-03-21
CVE-2026-4511 | vanna-ai vanna legacy exec injection | vanna | 6.3 | Medium | 2026-03-21
CVE-2026-4500 | bagofwords1 bagofwords code_execution.py generate_df injection | bagofwords | 6.3 | Medium | 2026-03-20
CVE-2026-32616 | Pigeon has a Host Header Injection in email verification flow | Pigeon | 8.2 | High | 2026-03-13
CVE-2026-3992 | CodeGenieApp serverless-express Users Endpoint dynamodb.ts injection | serverless-express | 6.3 | Medium | 2026-03-12
CVE-2026-29777 | Traefik has a kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values | traefik | 5.4 (AI) | Medium (AI) | 2026-03-11
CVE-2026-31816 | Budibase Universal Auth Bypass via Webhook Query Param Injection | budibase | 9.1 | Critical | 2026-03-09
CVE-2026-3813 | opencc JFlow WF_CCForm.java Calculate injection | JFlow | 6.3 | Medium | 2026-03-09
CVE-2026-29053 | Ghost Vulnerable to Remote Code Execution via Malicious Themes | Ghost | 7.7 | High | 2026-03-05
CVE-2026-29085 | Hono: SSE Control Field Injection via CR/LF in writeSSE() | hono | 6.5 | Medium | 2026-03-04

Vulnerabilities classified as CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')) account for 375 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.