CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,510 vulnerabilities with CWE-94
CVE-2023-36022 MEDIUM
Microsoft Edge Chromium < 118.0.2088.88 and < 119.0.2151.44 - Remote Code Execution
CVSS 6.6
CVE-2023-46958 CRITICAL
lmxcms 1.41 - Remote Code Execution via admin.php
CVSS 9.8
CVE-2023-20063 HIGH
Cisco Firepower 6.2.3 Authenticated RCE via Expert Mode Command Injection
CVSS 8.2
CVE-2023-42658 HIGH
Chef InSpec <4.56.58, 5.22.29 - Command Injection
CVSS 8.8
CVE-2023-40050 CRITICAL
Chef Automate <= 4.10.29 - Remote Code Execution via InSpec Check Command
CVSS 9.9
CVE-2023-43792 CRITICAL
baserCMS 4.6.0-4.7.6 - Code Injection in Mail Form
CVSS 9.8
CVE-2023-5843 CRITICAL
Ads by datafeedr.com <= 1.1.3 - Unauthenticated Remote Code Execution via dfads_ajax_load_ads Function
CVSS 9.0
CVE-2023-44141 HIGH
Inkdrop < 5.6.0 - Code Injection via Crafted Markdown File
CVSS 7.8
CVE-2023-46865 HIGH
crater < 6.0.6 - Authenticated Remote Code Execution via Company Logo Image Upload
CVSS 7.2
CVE-2023-46509 CRITICAL
Contec SolarView Compact <6.0 - RCE
CVSS 9.8
CVE-2023-46818 HIGH
ISPConfig language_edit.php PHP Code Injection
CVSS 7.2
CVE-2023-46816 HIGH
SugarCRM 12.0.0-12.0.4, 13.0.0-13.0.2 - Authenticated Server-Side Template Injection via GetControl Action
CVSS 8.8
CVE-2023-43352 HIGH
CMS Made Simple 2.2.18 - Server-Side Template Injection via Content Manager Menu
CVSS 7.8
CVE-2023-5623 HIGH
Nessus Network Monitor < 6.3.0 - Incorrect Default Permissions
CVSS 7.0
CVE-2023-5044 HIGH
ingress-nginx < 1.9.0 - Code Injection via nginx.ingress.kubernetes.io/permanent-redirect Annotation
CVSS 7.6
CVE-2023-46010 CRITICAL
SeaCMS < 12.9 - OS Command Injection via admin_safe.php
CVSS 9.8
CVE-2023-37909 CRITICAL
XWiki 5.1-14.10.7 - Authenticated Remote Code Execution via User Profile Script Macro Injection
CVSS 9.9
CVE-2023-30912 HIGH
HPE OneView < 8.60.00 - Remote Code Execution
CVSS 7.2
CVE-2023-28796 HIGH
Zscaler Client Connector <1.3.1.6 - Code Injection
CVSS 7.1
CVE-2023-28793 HIGH
Zscaler Client Connector <1.3.1.6 - Buffer Overflow
CVSS 7.8
CVE-2023-46055 HIGH
ThingNario Photon 1.0 - Remote Code Execution via Ping Function Script Injection
CVSS 8.8
CVE-2023-41898 HIGH
Home Assistant Companion < 2023.9.2 - Arbitrary URL Loading in WebView
CVSS 8.6
CVE-2023-30131 CRITICAL
IXP EasyInstall 6.6.14884.0 - Unauthenticated Remote Code Execution via API
CVSS 9.8
CVE-2023-46042 CRITICAL
GetSimpleCMS 3.4.0a - Remote Code Execution via phpinfo()
CVSS 9.8
CVE-2023-41630 CRITICAL
esst_monitoring < 2.147.1 - Unauthenticated Remote Code Execution via Gii Code Generator
CVSS 9.8