CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,507 vulnerabilities with CWE-94
CVE-2023-6553 CRITICAL
WordPress Backup Migration Plugin PHP Filter Chain RCE
CVSS 9.8
CVE-2023-48390 CRITICAL
Multisuns EasyLog web+ firmware - Unauthenticated Code Injection
CVSS 9.8
CVE-2023-50710 MEDIUM
Hono < 3.11.7 - Path Parameter Override via TrieRouter
CVSS 4.2
CVE-2023-48085 CRITICAL
Nagios XI < 5.11.3 - Remote Code Execution via command_test.php
CVSS 9.8
CVE-2023-43364 CRITICAL
searchor < 2.4.2 - Remote Code Execution via CLI Input
CVSS 9.8
CVE-2023-42890 HIGH
Safari < 17.2 - Remote Code Execution
CVSS 8.8
CVE-2023-5500 HIGH
Frauscher Diagnostic System 102 2.10.0-2.10.2 - Authenticated Remote Code Execution
CVSS 8.8
CVE-2023-43301 HIGH
Line v13.6.1 - Remote Code Execution via Malicious Notification
CVSS 8.2
CVE-2023-6288 HIGH
Remote Desktop Manager < 2023.3.9.3 - Code Injection
CVSS 7.8
CVE-2023-49070 CRITICAL
Apache OFBiz < 18.12.10 - Unauthenticated Remote Code Execution via XML-RPC
CVSS 9.8
CVE-2023-5762 HIGH
Filr WordPress Plugin < 1.2.3.6 - Authenticated Remote Code Execution
CVSS 8.8
CVE-2023-49093 CRITICAL
HtmlUnit < 3.9.0 - Remote Code Execution via XSLT
CVSS 9.8
CVE-2023-44382 CRITICAL
October CMS 3.0.0-3.4.14 - Authenticated Remote Code Execution via Twig Sandbox Escape
CVSS 9.1
CVE-2023-44381 MEDIUM
October CMS 3.0.0-3.4.14 - Authenticated PHP Code Injection via CMS Template
CVSS 4.9
CVE-2023-5226 MEDIUM
GitLab < 16.4.3, 16.5-16.5.2, 16.6-16.6.0 - Branch Name Validation Bypass
CVSS 4.8
CVE-2023-49314 HIGH
Asana Desktop 2.1.0 - Code Injection
CVSS 7.8
CVE-2023-49313 CRITICAL
XMachOViewer 0.04 - Unauthenticated Code Injection via Dylib Injection
CVSS 9.8
CVE-2023-46480 CRITICAL
OwnCast 0.1.1 - Server-Side Request Forgery via indieauth authHost Parameter
CVSS 9.8
CVE-2023-5604 CRITICAL
Asgaros Forum < 2.7.1 - Unauthenticated Dangerous File Upload via Insecure Configuration
CVSS 9.8
CVE-2023-48699 HIGH
fastbots < 0.1.5 - Remote Code Execution via Locators.ini File Injection
CVSS 8.4
CVE-2023-6248 CRITICAL
Digital Communications Syrus4 IoT Gateway - Unsecured MQTT Code Execution
CVSS 10.0
CVE-2023-48226 MEDIUM
OpenReplay < 1.15.0 - HTML Injection in Account Settings Name Field
CVSS 6.5
CVE-2023-48192 HIGH
TOTOLINK A3700R v.9.1.2u.6134_B20201202 - Remote Code Execution via setTracerouteCfg Function
CVSS 7.8
CVE-2023-40809 MEDIUM
OpenCRX 5.2.0 - HTML Injection via Activity Search Criteria-Activity Number
CVSS 6.1
CVE-2023-6188 MEDIUM
GetSimpleCMS < 3.4.0a - Code Injection
CVSS 4.7