CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,515 vulnerabilities with CWE-94
CVE-2022-42902 HIGH
Linaro LAVA < 2022.10 - Unauthenticated Remote Code Execution via Improper Input Sanitization in lavatable.py
CVSS 8.8
CVE-2022-40871 CRITICAL
Dolibarr ERP & CRM <=15.0.3 - Code Injection
CVSS 9.8
CVE-2022-40469 HIGH
ikuaios < 3.6.8 - Authenticated Remote Code Execution
CVSS 8.8
CVE-2022-40274 HIGH
Gridea 0.9.3 - Remote Code Execution via Malicious Markdown File
CVSS 7.8
CVE-2022-40486 HIGH
TP-Link Archer AX10 V1 Firmware 1.3.1 - Authenticated RCE via Crafted Backup File
CVSS 8.8
CVE-2022-40497 HIGH
Wazuh 3.6.1-3.13.5, 4.0.0-4.2.7, 4.3.0-4.3.7 - Authenticated Remote Code Execution via Active Response Endpoint
CVSS 8.8
CVE-2022-21797 HIGH
joblib < 1.2.0 - Arbitrary Code Execution via Parallel pre_dispatch eval()
CVSS 7.3
CVE-2022-40628 CRITICAL
Tacitine EN6200-PRIME QUAD-35/QUAD-100 19.1.1-22.20.1 - Remote Code Execution via Web Interface
CVSS 9.8
CVE-2022-3236 CRITICAL KEV
Sophos Firewall <19.0 MR1 - Code Injection
CVSS 9.8
CVE-2022-26112 CRITICAL
Apache Pinot <0.10.0 - Buffer Overflow
CVSS 9.8
CVE-2022-36386 CRITICAL
Import any XML or CSV File to WordPress <= 3.6.7 - Authenticated Arbitrary Code Execution via Unrestricted File Upload
CVSS 9.1
CVE-2022-28640 HIGH
HPE iLO 5 2.71 - Local-Adjacent Arbitrary Code Execution
CVSS 8.8
CVE-2022-41138 CRITICAL
zutty < 0.13 - Remote Code Execution via DECRQSS Terminal Escape Sequence
CVSS 9.8
CVE-2022-3245 MEDIUM
microweber < 1.3.2 - HTML Injection
CVSS 6.1
CVE-2022-3242 MEDIUM
microweber/microweber <1.3.2 - Code Injection
CVSS 6.1
CVE-2022-36100 CRITICAL
XWiki Platform <14.4 - Code Injection
CVSS 9.9
CVE-2022-36099 CRITICAL
XWiki Platform Wiki UI Main Wiki <13.10.6-14.4 - Code Injection
CVSS 9.9
CVE-2022-36069 HIGH
Poetry < 1.1.9 - Command Injection via Git Dependency URL Argument
CVSS 7.3
CVE-2022-35847 MEDIUM
FortiSOAR <7.2.0, <7.0.3-7.0.0, <6.4.4-6.4.0 - RCE
CVSS 6.3
CVE-2022-31860 CRITICAL
openremote < 1.0.4 - Remote Code Execution via Groovy Rule Injection
CVSS 9.8
CVE-2022-25813 HIGH
Apache OFBiz < 18.12.06 - Server-Side Template Injection via Ecommerce Contact Us Subject Field
CVSS 7.5
CVE-2022-36036 LOW
mdx-mermaid <1.3.0, <2.0.0-rc1 - Code Injection
CVSS 3.6
CVE-2022-37053 CRITICAL
TRENDnet TEW733GR v1.03B01 - OS Command Injection via gena.php
CVSS 9.8
CVE-2022-36756 CRITICAL
D-Link DIR-845L Firmware 1.0.0-1.0.3 - OS Command Injection via gena.php
CVSS 9.8
CVE-2022-38078 CRITICAL
Movable Type <7 r.5202 - Command Injection
CVSS 9.8