CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,515 vulnerabilities with CWE-94
CVE-2022-25812 HIGH
Transposh WordPress Translation < 1.0.8 - Authenticated Remote Code Execution via Debug Settings
CVSS 7.2
CVE-2022-36216 HIGH
dedecms 5.7.94-5.7.97 - Remote Code Execution via member_toadmin.php
CVSS 7.2
CVE-2022-35516 CRITICAL
dedecms 5.7.93-5.7.96 - Remote Code Execution via login.php
CVSS 9.8
CVE-2022-38193 MEDIUM
Esri Portal for ArcGIS <10.8.1 - Code Injection
CVSS 6.1
CVE-2022-36262 CRITICAL
taocms 3.0.2 - PHP Code Injection via config.php
CVSS 9.8
CVE-2022-36006 HIGH
Arvados < 2.4.2 - Authenticated Remote Code Execution via JSON Payload Deserialization
CVSS 7.9
CVE-2022-30580 HIGH
Go < 1.17.11 - Code Injection
CVSS 7.8
CVE-2022-35779 HIGH
Azure RTOS GUIX Studio - Remote Code Execution
CVSS 7.8
CVE-2022-35777 HIGH
Visual Studio - Remote Code Execution
CVSS 8.8
CVE-2022-35772 HIGH
Azure Site Recovery VMware to Azure < 9.50.6419.1 - Remote Code Execution
CVSS 7.2
CVE-2022-35767 HIGH
Windows SSTP - Remote Code Execution
CVSS 8.1
CVE-2022-35766 HIGH
Windows 10, 11, Server 2016, 2019, 2022 - Remote Code Execution in SSTP
CVSS 8.1
CVE-2022-34715 CRITICAL
Windows Server 2022 - Remote Code Execution in Network File System
CVSS 9.8
CVE-2022-34714 HIGH
Windows Secure Socket Tunneling Protocol - Remote Code Execution
CVSS 8.1
CVE-2022-30194 HIGH
Windows WebBrowser Control - Remote Code Execution
CVSS 7.5
CVE-2022-30175 HIGH
Azure RTOS GUIX Studio - Remote Code Execution
CVSS 7.8
CVE-2022-33725 MEDIUM
Knox VPN <SMR Aug-2022 Release 1 - Privilege Escalation
CVSS 4.0
CVE-2022-33721 MEDIUM
DeX for PC <SMR Aug-2022 Release 1 - Privilege Escalation
CVSS 4.4
CVE-2022-2636 HIGH
GitHub hestiacp/hestiacp <1.6.6 - Code Injection
CVSS 8.5
CVE-2022-37396 MEDIUM
JetBrains Rider < 2022.2 - Local Code Execution via Trust and Open Project Dialog Bypass
CVSS 4.1
CVE-2022-34625 HIGH
Mealie 1.0.0beta3 - Remote Code Execution via Jinja2 Template Injection
CVSS 7.2
CVE-2022-36799 HIGH
Atlassian Jira Server/Data Center RCE via Email Template Injection (8.13.19, 8.14.0-8.20.7, 8.21.0-8.22.1)
CVSS 7.2
CVE-2022-30083 CRITICAL
EllieGrid 3.4.1 - Remote Code Execution
CVSS 9.8
CVE-2022-37009 LOW
JetBrains IntelliJ IDEA < 2022.2 - Local Code Execution via Vagrant Executable
CVSS 3.9
CVE-2022-35649 CRITICAL
Moodle - Remote Code Execution via Ghostscript PostScript Parsing
CVSS 9.8