CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94
CVE-2024-8481 HIGH
WordPress Special Text Boxes <= 6.2.4 - Unauthenticated Shortcode Execution
CVSS 7.3
CVE-2024-8623 HIGH
MDTF WordPress Plugin <=1.3.3.3 - Unauthenticated Shortcode Execution
CVSS 7.3
CVE-2024-46639 HIGH
HelpDeskZ 2.0.2 - Stored Cross-Site Scripting via Custom Fields Name Parameter
CVSS 7.6
CVE-2024-37779 HIGH
WoodWing Elvis DAM <6.98.1 - Authenticated RCE
CVSS 8.8
CVE-2024-0004 CRITICAL
FlashArray Purity 5.0.0-5.0.10 - Authenticated Remote Code Execution
CVSS 9.1
CVE-2024-40442 HIGH
Doccano <1.8.4, <0.1.23 - Privilege Escalation
CVSS 7.2
CVE-2024-47219 CRITICAL
vesoft NebulaGraph <3.8.0 - Command Injection
CVSS 9.8
CVE-2024-46640 CRITICAL
SeaCMS 13.2 - Remote Code Execution via MySQL Slow Query Method
CVSS 9.8
CVE-2024-46103 CRITICAL
SEMCMS 4.8 - SQL Injection via SEMCMS_Main.php
CVSS 9.8
CVE-2024-9006 MEDIUM
123solar 1.8.4.5 - Remote Code Injection via PASSOx Argument in config_invt1.php
CVSS 6.3
CVE-2024-35515 CRITICAL
sqlitedict <= 2.1.0 - Remote Code Execution via Insecure Deserialization
CVSS 9.8
CVE-2024-45798 CRITICAL
arduino-esp32 - Poisoned Pipeline Execution via tests_results.yml Workflow
CVSS 9.9
CVE-2024-44623 CRITICAL
TuomoKu SPx-GC <= 1.3.0 child_process.js - Remote Code Execution
CVSS 9.8
CVE-2024-7104 CRITICAL
SFS ww.Winsure < 4.6.2 - Code Injection
CVSS 9.8
CVE-2024-8880 MEDIUM
playSMS 1.4.4-1.4.7 - Code Injection via Forgot Password Template Handler
CVSS 5.6
CVE-2024-8864 MEDIUM
composio < 0.5.6 - Code Injection in Calculator Function
CVSS 5.5
CVE-2024-8479 HIGH
Simple Spoiler 1.2-1.3 - Unauthenticated Arbitrary Shortcode Execution via Comment Text
CVSS 7.3
CVE-2024-8271 HIGH
FOX - Currency Switcher Professional <1.4.2.1 - RCE
CVSS 7.3
CVE-2024-44430 CRITICAL
Best Free Law Office Management Software 1.0 - SQL Injection via kortex_lite/control/register_case.php
CVSS 9.8
CVE-2024-8696 CRITICAL
Docker Desktop < 4.34.2 - Remote Code Execution via Malicious Extension Publisher URL
CVSS 9.8
CVE-2024-8695 CRITICAL
Docker Desktop < 4.34.2 - Remote Code Execution via Crafted Extension Description/Changelog
CVSS 9.8
CVE-2024-45851 HIGH
MindsDB 23.10.5.0-24.7.4.1 - Remote Code Execution via SharePoint INSERT Query
CVSS 8.8
CVE-2024-45850 HIGH
MindsDB 23.10.5.0-24.7.4.1 - Remote Code Execution via SharePoint Integration INSERT Query
CVSS 8.8
CVE-2024-45849 HIGH
MindsDB 23.10.5.0-24.7.4.1 - Remote Code Execution via SharePoint INSERT Query
CVSS 8.8
CVE-2024-45848 HIGH
MindsDB 23.12.4.0-24.7.4.1 - Remote Code Execution via ChromaDB INSERT Query
CVSS 8.8