CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,515 vulnerabilities with CWE-94
CVE-2022-41882 MEDIUM
Nextcloud Desktop Client <3.6.0 - Code Injection
CVSS 6.6
CVE-2022-44089 CRITICAL
ESPCMS P8.21120101 - Remote Code Execution via IS_GETCACHE Component
CVSS 9.8
CVE-2022-44088 CRITICAL
ESPCMS P8.21120101 - Remote Code Execution via INPUT_ISDESCRIPTION Component
CVSS 9.8
CVE-2022-44087 CRITICAL
ESPCMS P8.21120101 - Remote Code Execution via UPFILE_PIC_ZOOM_HIGHT Component
CVSS 9.8
CVE-2022-41061 HIGH
Microsoft Word - Remote Code Execution
CVSS 7.8
CVE-2022-41205 MEDIUM
SAP GUI - Authenticated Script Execution on Local Network
CVSS 5.5
CVE-2022-3418 HIGH
WP All Import < 3.6.9 - Authenticated Arbitrary File Upload via XML/CSV Import
CVSS 7.2
CVE-2022-44794 HIGH
Object First Ootbi < 1.0.13.1611 - Authenticated Remote Code Execution via Hostname Parameter
CVSS 8.8
CVE-2022-3869 MEDIUM
froxlor/froxlor <0.10.38.2 - Code Injection
CVSS 6.1
CVE-2022-43572 HIGH
Splunk Enterprise <8.2.9-9.0.2 - DoS
CVSS 7.5
CVE-2022-31691 CRITICAL
VMware Bosh Editor < 1.40.0 - Code Injection
CVSS 9.8
CVE-2022-3721 MEDIUM
froxlor < 0.10.39 - Code Injection
CVSS 4.6
CVE-2022-43571 HIGH
Authenticated RCE in Splunk (SimpleXML dashboard PDF generation)
CVSS 8.8
CVE-2022-32924 HIGH
iPadOS < 16.0 - Remote Code Execution
CVSS 7.8
CVE-2022-39365 CRITICAL
pimcore < 10.5.9 - Server-Side Template Injection in Twig Template Rendering
CVSS 9.8
CVE-2022-3394 HIGH
WP All Export Pro <1.7.9 - Code Injection
CVSS 7.2
CVE-2022-39327 HIGH
Azure CLI < 2.40.0 - OS Command Injection via PowerShell Special Characters
CVSS 8.1
CVE-2022-39326 HIGH
kartverket/github-workflows < 2.7.5 - Remote Code Execution via Malicious Pull Request
CVSS 8.8
CVE-2022-43416 HIGH
Jenkins Katalon Plugin <1.0.32 - RCE
CVSS 8.8
CVE-2022-39424 HIGH
Oracle VM VirtualBox < 6.1.40 - Unauthenticated Remote Code Execution via VRDP
CVSS 8.1
CVE-2022-41544 CRITICAL
GetSimple CMS 3.3.16 - Remote Code Execution via Edited File Parameter
CVSS 9.8
CVE-2022-41576 HIGH
Huawei EMUI - Code Injection via rphone Module Script
CVSS 7.8
CVE-2022-35944 MEDIUM
October CMS < 2.2.34 - Authenticated PHP Code Injection via CMS Template Editor
CVSS 6.2
CVE-2022-41534 HIGH
Online Diagnostic Lab Management System v1.0 - Code Injection
CVSS 7.2
CVE-2022-42889 CRITICAL
Apache Commons Text 1.5-1.9 - Remote Code Execution via String Interpolation
CVSS 9.8
Details
Vulnerabilities 6,515
Exploit Likelihood Medium