CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,510 vulnerabilities with CWE-94
CVE-2023-33570 HIGH
Bagisto 1.5.1 - Server-Side Template Injection
CVSS 8.8
CVE-2023-27866 MEDIUM
IBM Informix JDBC Driver 4.10 and 4.50 - Remote Code Execution via JNDI Injection
CVSS 6.3
CVE-2023-36467 HIGH
AWS data.all <1.5.2 - Authenticated RCE
CVSS 8.0
CVE-2023-32528 HIGH
Trend Micro Mobile Security (Enterprise) 9.8 SP5 - Remote Code Execution via Vulnerable PHP Files
CVSS 8.8
CVE-2023-32527 HIGH
Trend Micro Mobile Security (Enterprise) 9.8 SP5 - Remote Code Execution via Vulnerable PHP Files
CVSS 8.8
CVE-2023-3393 HIGH
fossbilling/fossbilling <0.5.1 - Code Injection
CVSS 7.2
CVE-2023-35152 CRITICAL
XWiki Platform 12.9-14.4.8 - Authenticated Eval Injection via First Name Field
CVSS 9.9
CVE-2023-35150 CRITICAL
XWiki Platform 2.40m-2-14.4.8, 14.10.4, 15.0 - Remote Code Execution via Crafted URL Payload
CVSS 9.9
CVE-2023-35926 HIGH
Backstage < 1.15.0 - Authenticated Remote Code Execution via Scaffolder Template Injection
CVSS 8.0
CVE-2023-26436 HIGH
Open-Xchange AppSuite Backend <= 7.10.6 - Deserialization Code Injection
CVSS 7.1
CVE-2023-2359 HIGH
Slider Revolution < 6.6.12 - Arbitrary File Upload and Remote Code Execution via Image Import
CVSS 8.8
CVE-2023-35853 CRITICAL
Suricata < 6.0.13 - Remote Code Execution via Lua Rules
CVSS 9.8
CVE-2023-35813 CRITICAL
Sitecore Experience Manager, Experience Platform, Experience Commerce < 10.3 - Remote Code Execution
CVSS 9.8
CVE-2023-35809 HIGH
SugarCRM 11.0.0-11.0.5, 12.0.0-12.0.2 - Authenticated PHP Code Injection via REST API
CVSS 8.8
CVE-2023-34448 HIGH
Grav < 1.7.42 - Server-Side Template Injection via Twig map() and reduce() Functions
CVSS 8.8
CVE-2023-34253 HIGH
Grav < 1.7.42 - Authenticated Remote Code Execution via Template Injection Denylist Bypass
CVSS 8.8
CVE-2023-34252 HIGH
Grav < 1.7.42 - Authenticated Remote Code Execution via Twig Filter Array Bypass
CVSS 8.8
CVE-2023-34251 CRITICAL
Grav < 1.7.42 - Authenticated Server-Side Template Injection via Administrator Screen
CVSS 9.9
CVE-2023-1049 HIGH
EcoStruxure Operator Terminal Expert and Pro-Face Blue < 3.3 - Remote Code Execution via Malicious Project File
CVSS 7.8
CVE-2023-33131 HIGH
Microsoft Outlook - Remote Code Execution
CVSS 8.8
CVE-2023-21569 MEDIUM
Azure DevOps Server - Open Redirect
CVSS 5.5
CVE-2023-3224 CRITICAL
nuxt 3.4.0-3.4.3 - Code Injection
CVSS 9.8
CVE-2023-30179 HIGH
CraftCMS < 4.4.2 - Authenticated Server-Side Template Injection via User Photo Location Field
CVSS 7.2
CVE-2023-32546 MEDIUM
Chatwork Desktop Application (Mac) < 2.6.43 - Unauthenticated Code Injection
CVSS 4.4
CVE-2023-25910 CRITICAL
SIMATIC PCS 7 < V9.1 SP2 UC04, SIMATIC S7-PM < V5.7 SP2 HF1, STEP 7 < V5.7 - RCE via DBMS Functions
CVSS 10.0