CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,510 vulnerabilities with CWE-94
CVE-2023-34468 HIGH
Apache NiFi 0.0.2-1.21.0 - Authenticated Remote Code Execution via H2 JDBC Database URL
CVSS 8.8
CVE-2023-35034 CRITICAL
Atos Unify OpenScape 4000 Assistant and Manager V10 R1 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2023-34112 MEDIUM
JavaCPP Presets <1.5.9 - Command Injection
CVSS 4.3
CVE-2023-29404 CRITICAL
Go < 1.19.10 - Code Injection
CVSS 9.8
CVE-2023-29402 CRITICAL
Go - Code Injection
CVSS 9.8
CVE-2023-34237 HIGH
SABnzbd 1.1.0-4.0.1 - Remote Code Execution via Notification Script Parameters
CVSS 8.1
CVE-2023-32540 HIGH
Advantech WebAccess/SCADA < 9.1.3 - Arbitrary File Overwrite and Code Injection via XLS File
CVSS 7.2
CVE-2023-33733 HIGH
reportlab < 3.6.12 - Remote Code Execution via Crafted PDF File
CVSS 7.8
CVE-2023-27744 HIGH
South River Technologies TitanFTP NextGen < 2.1.0.2174 - Remote Code Execution via Privilege Escalation
CVSS 7.8
CVE-2023-25539 HIGH
Dell NetWorker 19.6.1.2 - Unauthenticated OS Command Injection
CVSS 8.4
CVE-2023-32692 CRITICAL
CodeIgniter < 4.3.5 - Remote Code Execution via Validation Placeholders
CVSS 9.8
CVE-2023-2943 HIGH
OpenEMR < 7.0.1 - Code Injection
CVSS 8.8
CVE-2023-2928 MEDIUM
dedecms < 5.7.106 - Remote Code Injection via article_allowurl_edit.php allurls Parameter
CVSS 6.3
CVE-2023-33440 HIGH
Sourcecodester Faculty Evaluation System v1.0 - RCE
CVSS 7.2
CVE-2023-30145 CRITICAL
Camaleon CMS < 2.7.0 - Server-Side Template Injection via Formats Parameter
CVSS 9.8
CVE-2023-33246 CRITICAL KEV
Apache RocketMQ update config RCE
CVSS 9.8
CVE-2023-2859 HIGH
nilsteampassnet/teampass <3.0.9 - Code Injection
CVSS 8.8
CVE-2023-32697 HIGH
sqlite-jdbc 3.6.14.1-3.41.2.1 - Remote Code Execution via JDBC URL
CVSS 8.8
CVE-2023-25953 CRITICAL
Drive Explorer < 3.5.4 - Authenticated Code Injection via Product Execution
CVSS 9.8
CVE-2023-29861 CRITICAL
FLIR DVTEL Camera Firmware - Remote Code Execution via Management Page Request
CVSS 9.8
CVE-2023-29862 CRITICAL
agasio_camera_firmware - Remote Code Execution via check and authLevel Parameters
CVSS 9.8
CVE-2023-30130 HIGH
CraftCMS 3.8.1 - Remote Code Execution via Section Parameter
CVSS 8.8
CVE-2023-29400 HIGH
Go Templates - Cross-Site Scripting via Unquoted HTML Attributes
CVSS 7.3
CVE-2023-24539 HIGH
CSS - Code Injection
CVSS 7.3
CVE-2023-24955 HIGH KEV
Microsoft SharePoint Server - Remote Code Execution
CVSS 7.2