# command-injection

4 articlestagged with “command-injection”

MCP Command Injection: Understanding and Preventing Shell Injection in MCP Servers

A defense-focused guide to understanding how command injection vulnerabilities arise in MCP server implementations, analyzing CVE-2025-6514 (CVSS 9.6), and implementing robust input sanitization, parameterized commands, and sandboxing to protect MCP deployments.

mcpcommand-injectiondefenseCVE-2025-6514input-sanitizationsandboxing

Intermediate

CWE Mapping for AI-Generated Vulnerabilities

Common AI-generated vulnerabilities mapped to CWE identifiers with real examples: SQL injection (CWE-89), XSS (CWE-79), path traversal (CWE-22), command injection (CWE-78), and hardcoded credentials (CWE-798).

cwesql-injectionxsspath-traversalcommand-injectionhardcoded-credentialsvulnerability-patterns

Intermediate

AI Application Security

Methodology for exploiting LLM application vulnerabilities: output handling injection (XSS, SQLi, RCE), authentication bypass, session manipulation, and integration-layer attacks.

application-securityxsssqlicommand-injectionauth-bypasssession-attackswebhooksllm-apps

Expert

Output Handling Exploits

Deep dive into XSS, SQL injection, command injection, SSTI, and path traversal attacks that weaponize LLM output as an injection vector against downstream systems.

xsssqlicommand-injectionsstipath-traversaloutput-handlingllm-appsinjection

Advanced