CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,518 vulnerabilities with CWE-94
CVE-2021-47964 HIGH
Schlix CMS 2.2.6-6 Remote Code Execution via core.blockmanager
CVSS 8.8
CVE-2021-47939 HIGH
Evolution CMS 3.1.6 Authenticated Remote Code Execution via Module Creation
CVSS 8.8
CVE-2021-47938 HIGH
ImpressCMS 1.4.2 Remote Code Execution via Autotasks
CVSS 8.8
CVE-2021-47935 HIGH
Sentry 8.2.0 Remote Code Execution via Pickle Deserialization
CVSS 8.8
CVE-2021-47778 HIGH
GetSimple CMS My SMTP Contact Plugin <1.1.2 - Code Injection
CVSS 7.2
CVE-2021-47770 HIGH
OpenPLC v3 - Authenticated Remote Code Execution via Hardware Configuration Interface
CVSS 8.8
CVE-2021-47736 HIGH
CMSimple_XH 1.7.4 - Authenticated Remote Code Execution via Content Editing
CVSS 7.2
CVE-2021-47735 HIGH
CMSimple 5.4 - Authenticated Remote Code Execution via Template Editing
CVSS 8.8
CVE-2021-41527 LOW
RISC Platform <saas-2021-12-29 - Auth Bypass
CVE-2021-38117 HIGH
OpenText iManager 3.2.4.0000 - Command Injection
CVSS 8.8
CVE-2021-22282 HIGH
B&R Industrial Automation Studio 4.0-4.12 - Local Code Execution via Code Generation
CVSS 8.3
CVE-2021-4434 CRITICAL
Social Warfare < 3.5.3 - Remote Code Execution via swp_url Parameter
CVSS 10.0
CVE-2021-22150 MEDIUM
Kibana 7.10.2-7.14.0 - Authenticated Remote Code Execution via Malicious Fleet Package Upload
CVSS 6.6
CVE-2021-33636 HIGH
openEuler isula - Remote Code Execution via Malicious Image Loading
CVSS 8.4
CVE-2021-33635 CRITICAL
openEuler isula - Code Injection via Malicious Images
CVSS 9.8
CVE-2021-38243 CRITICAL
xunruicms < 4.5.1 - Remote Code Execution via GET Request
CVSS 9.8
CVE-2021-37384 CRITICAL
Furukawa ONU Firmware < 1.2.0, < 1.5.0, < 1.4.0 - Unauthenticated Remote Code Execution via Web Interface
CVSS 9.8
CVE-2021-31635 CRITICAL
jfinal 4.9.08 - Server-Side Template Injection via Template Function
CVSS 9.8
CVE-2021-36394 CRITICAL
Moodle - Remote Code Execution in Shibboleth Authentication Plugin
CVSS 9.8
CVE-2021-26277 MEDIUM
vivo frame_service < 2021.6.30 - Privilege Escalation via PendingIntent Mishandling
CVSS 5.6
CVE-2021-33949 CRITICAL
FeMiner WMS 1.1 - Remote Code Execution via Filename Parameter
CVSS 9.8
CVE-2021-36424 CRITICAL
phpwcms < 1.9.26 - Remote Code Execution via DB User Field During Installation
CVSS 9.8
CVE-2021-4315 MEDIUM
NYUCCL psiTurk <3.2.0 - Template Injection
CVSS 5.5
CVE-2021-37774 HIGH
TL-WDR7660 Firmware 2.0.30 - Remote Code Execution via httpProcDataSrv
CVSS 8.0
CVE-2021-39426 CRITICAL
Seacms 11.4 - Remote Code Execution via admin_notify.php notify1 Parameter
CVSS 9.8