# command-injection
8 articles tagged "command-injection"
MCP Command Injection: Understanding and Preventing Shell Injection in MCP Servers
A defense-focused guide to understanding how command injection vulnerabilities arise in MCP server implementations, analyzing CVE-2025-6514 (CVSS 9.6), and implementing robust input sanitization, parameterized commands, and sandboxing to protect MCP deployments.
CWE Mapping for AI-Generated Vulnerabilities
Common AI-generated vulnerabilities mapped to CWE identifiers with real examples: SQL injection (CWE-89), XSS (CWE-79), path traversal (CWE-22), command injection (CWE-78), and hardcoded credentials (CWE-798).
AI Application Security
Methodology for exploiting LLM application vulnerabilities: output handling injection (XSS, SQLi, RCE), authentication bypass, session manipulation, and integration-layer attacks.
Output Handling Exploits
Deep dive into XSS, SQL injection, command injection, SSTI, and path traversal attacks that weaponize LLM output as an injection vector against downstream systems.
MCP Command Injection: Understanding and Preventing Shell Injection in MCP Servers
A defense-focused guide to understanding how command injection vulnerabilities arise in MCP server implementations, analyzing CVE-2025-6514 (CVSS 9.6), and implementing robust input sanitization, parameterized commands, and sandboxing to protect MCP deployments.
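CWE Mapping for AI-Generated Vulnerabilities
Common AI-generated vulnerabilities mapped to CWE identifiers, with real examples: SQL injection (CWE-89), XSS (CWE-79), path traversal (CWE-22), command injection (CWE-78), and hardcoded credentials (CWE-798).
AI Application Security
Methodology for exploiting LLM application vulnerabilities: output handling injection (XSS, SQLi, RCE), authentication bypass, session manipulation, and integration-layer attacks.
Output Handling Exploits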
Deep dive into XSS, SQL injection, command injection, SSTI, and path traversal attacks that weaponize LLM output as an injection vector against downstream systems.