How to fix - Command Injection

Command injection is a vulnerability that occurs when an attacker can inject operating-system commands into a web application, which then executes them on the underlying system. This can allow the attacker to read sensitive information, execute arbitrary code, or launch a denial-of-service attack. You can fix it by:

  1. Using input validation. This means validating user input before it is passed to the command, for example by checking the input against a whitelist (allowlist) of permitted values, or by ensuring that it conforms to a strict pattern such as a hostname or a numeric ID.

Additionally, it is good practice to use a language or framework facility that avoids the shell altogether, such as the subprocess module in Python. It executes a program with the command and its arguments passed as a separate list rather than as a single shell string, so user-supplied values reach the program as plain arguments and are never interpreted as shell syntax.

It is important to note that it is a good practice to use a combination of the above methods for best results and to keep software and libraries up-to-date to prevent command injection vulnerabilities.
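The two fixes above, combined, as an added example that is not part of the original page: a hypothetical "ping a host" feature that allowlists the hostname with a regular expression and then runs `ping` through `subprocess.run` with an argument list and `shell=False`. The `--` argument is the usual getopt end-of-options marker and is an assumption about the local `ping` binary.

```python
import re
import subprocess

# Allowlist pattern for a hostname: letters, digits, dots and hyphens only,
# bounded length, and no leading '-' so the value cannot be read as an option.
HOSTNAME_RE = re.compile(r"(?!-)[A-Za-z0-9.-]{1,253}")


def validate_hostname(host: str) -> str:
    """Input validation step: reject anything that is not a plain hostname.

    Shell metacharacters (';', '|', '&', '$', backticks, spaces, newlines)
    fall outside the allowlist, so they raise instead of reaching a command.
    """
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"invalid hostname: {host!r}")
    return host


def build_ping_command(host: str) -> list[str]:
    """Build argv as a list, never as a string.

    Each element is passed to the program as one argument; no shell parses it.
    '--' tells getopt-style parsers that everything after it is an operand.
    """
    return ["ping", "-c", "1", "--", validate_hostname(host)]


def unsafe_ping_shell_string(host: str) -> str:
    """The vulnerable pattern, shown for contrast and deliberately NOT executed:
    interpolating raw input into a string that a shell would later parse."""
    return f"ping -c 1 {host}"


def run_ping(host: str) -> int:
    """Run the hardened command and return ping's exit status."""
    result = subprocess.run(
        build_ping_command(host),
        shell=False,            # no shell: argv goes straight to execve
        capture_output=True,
        text=True,
        timeout=10,
    )
    return result.returncode


if __name__ == "__main__":
    print(build_ping_command("example.com"))
    print(unsafe_ping_shell_string("example.com; id"))  # what a shell would see
```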
