CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,511 vulnerabilities with CWE-94
CVE-2022-23088 CRITICAL
FreeBSD < 12.3 - Remote Code Execution via Malicious 802.11 Beacon Frame
CVSS 9.8
CVE-2022-1609 CRITICAL
School Management WordPress Plugin < 9.9.7 - Unauthenticated Remote Code Execution via Backdoor REST API Handler
CVSS 9.8
CVE-2022-42541 CRITICAL
Android - Remote Code Execution
CVSS 9.8
CVE-2022-41763 HIGH
NOKIA AMS 9.7.05 - Authenticated Remote Code Execution via PING Function Debugger
CVSS 8.8
CVE-2022-42045 MEDIUM
Zemana AntiMalware and Watchdog Anti-Malware - Arbitrary Code Injection
CVSS 6.7
CVE-2022-35743 HIGH
Microsoft Windows Support Diagnostic Tool - RCE
CVSS 7.8
CVE-2022-47879 HIGH
Jedox <= 22.5 - Authenticated Remote Code Execution via /be/rpc.php
CVSS 7.5
CVE-2022-47129 CRITICAL
PHPOK 6.3 - Remote Code Execution
CVSS 9.8
CVE-2022-36963 HIGH
SolarWinds Orion Platform < 2023.2 - Authenticated Remote Code Execution
CVSS 7.2
CVE-2022-43938 HIGH
Hitachi Vantara Pentaho Business Analytics Server <9.4.0.1-9.3.0.2 ...
CVSS 8.8
CVE-2022-3960 MEDIUM
Hitachi Vantara Pentaho Business Analytics Server <9.4.0.1-9.3.0.2 ...
CVSS 6.3
CVE-2022-43769 HIGH KEV
Pentaho Business Server Auth Bypass and Server Side Template Injection RCE
CVSS 8.8
CVE-2022-38745 HIGH
Apache OpenOffice <4.1.14 - Code Injection
CVSS 7.8
CVE-2022-45553 CRITICAL
Shenzhen Zhibotong Electronics WBT WE1626 Router 21.06.18 - OS Command Injection via UART Serial Connection
CVSS 9.8
CVE-2022-46836 CRITICAL
Tribe29's Checkmk <2.1.0p10-<2.0.0p27-<1.6.0p29 - Code Injection
CVSS 9.1
CVE-2022-45699 CRITICAL
APSystems ECU-R Firmware 5203 - Unauthenticated OS Command Injection via Timezone Parameter
CVSS 9.8
CVE-2022-48093 HIGH
Seacms v12.7 - Remote Code Execution via IP Parameter
CVSS 7.2
CVE-2022-27537 HIGH
HP Elite and Dragonfly Firmware - Arbitrary Code Execution
CVSS 7.8
CVE-2022-48175 CRITICAL
Rukovoditel 3.2.1 - Remote Code Execution via Dashboard AJAX Request Handler
CVSS 9.8
CVE-2022-25967 HIGH
eta < 2.0.0 - Remote Code Execution via Express Render API View Options
CVSS 8.1
CVE-2022-48116 HIGH
AyaCMS 3.1.2 - Remote Code Execution via tpl_edit.inc.php
CVSS 7.2
CVE-2022-25894 CRITICAL
uflo - Remote Code Execution via ExpressionContextImpl JEXL Expression Evaluation
CVSS 9.8
CVE-2022-25860 HIGH
simple-git < 3.16.0 - Remote Code Execution via Git Command Methods
CVSS 8.1
CVE-2022-45928 HIGH
OpenText Extended ECM 16.2.2-22.3 - Remote Code Execution via HTML File Parameter
CVSS 8.8
CVE-2022-34456 HIGH
Dell EMC Metro Node < 7.1 - Authenticated OS Command Injection
CVSS 8.8