CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,510 vulnerabilities with CWE-94
CVE-2023-38860 CRITICAL
LangChain < 0.0.247 - Remote Code Execution via Prompt Parameter
CVSS 9.8
CVE-2023-33469 HIGH
KramerAV VIA Connect/VIA Go <4.0.1.1326 - RCE
CVSS 7.8
CVE-2023-36923 HIGH
SAP PowerDesigner <16.7 SP06 PL03 - Code Injection
CVSS 7.8
CVE-2023-36095 CRITICAL
Harrison Chase langchain <0.0.194 - RCE
CVSS 9.8
CVE-2023-38943 HIGH
ShuiZe_0x727 v1.0 - Remote Code Execution via Config File Injection
CVSS 8.8
CVE-2023-37470 CRITICAL
Metabase < 0.43.7.3 - Code Injection
CVSS 10.0
CVE-2023-4142 HIGH
WP Ultimate CSV Importer < 7.9.8 - Authenticated Remote Code Execution via cus1 Parameter
CVSS 8.0
CVE-2023-4141 HIGH
WP Ultimate CSV Importer < 7.9.8 - Authenticated Remote Code Execution via cus2 Parameter
CVSS 8.0
CVE-2023-36255 HIGH
eramba 3.19.1 - Remote Code Execution via Path Parameter
CVSS 8.8
CVE-2023-3401 MEDIUM
GitLab < 16.0.8, 16.1-16.1.3, 16.2-16.2.2 - Remote Code Execution via Repository Name
CVSS 4.8
CVE-2023-34842 CRITICAL
dedecms <= 5.7.109 - Remote Code Execution via Crafted POST Request to /dede/tpl.php
CVSS 9.8
CVE-2023-34644 CRITICAL
Ruijie RG-EW, RG-NBS, RG-S1930, RG-EG, EAP, RAP, NBC - Remote Code Execution via /cgi-bin/luci/api/auth
CVSS 9.8
CVE-2023-36542 HIGH
Apache NiFi <1.22.0 - Authenticated RCE
CVSS 8.8
CVE-2023-39023 CRITICAL
University Compass <v2.2.0 - Code Injection
CVSS 9.8
CVE-2023-39022 CRITICAL
oscore < 2.2.6 - Code Injection via com.opensymphony.util.EJBUtils.createStateless
CVSS 9.8
CVE-2023-39021 CRITICAL
wix-embedded-mysql <4.6.1 - Code Injection
CVSS 9.8
CVE-2023-39020 CRITICAL
stanford-parser <3.9.2 - Code Injection
CVSS 9.8
CVE-2023-39018 CRITICAL
bramp/ffmpeg-cli-wrapper < 0.7.0 - Code Injection via Unchecked Argument
CVSS 9.8
CVE-2023-39017 CRITICAL
quartz-jobs <2.3.2 - Code Injection
CVSS 9.8
CVE-2023-39016 CRITICAL
bboss-persistent <6.0.9 - Code Injection
CVSS 9.8
CVE-2023-39015 CRITICAL
webmagic-extension <0.9.0 - Code Injection
CVSS 9.8
CVE-2023-39013 CRITICAL
larsga/duke < 1.2 - Code Injection via CommonJTimer.init
CVSS 9.8
CVE-2023-39010 CRITICAL
BoofCV < 0.43.1 - Code Injection via Camera Calibration File
CVSS 9.8
CVE-2023-32418 HIGH
macOS 11.0-11.7.9 - Arbitrary Code Execution via File Processing
CVSS 7.8
CVE-2023-33229 LOW
SolarWinds Platform < 2023.3.0 - Authenticated HTML Injection via URL Parameter
CVSS 3.5