CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,518 vulnerabilities with CWE-94
CVE-2021-44521 CRITICAL
Apache Cassandra 3.0.0-3.0.25 - Authenticated Remote Code Execution via User Defined Functions
CVSS 9.1
CVE-2021-44978 CRITICAL
idreamsoft icms <= 8.0.0 - Remote Code Execution via Template Injection
CVSS 9.8
CVE-2021-46114 HIGH
jpress 4.2.0 - Remote Code Execution via Email Template Injection
CVSS 8.8
CVE-2021-46118 HIGH
jpress 4.2.0 - Remote Code Execution via Article Notify Kit Email Template Injection
CVSS 7.2
CVE-2021-46117 HIGH
jpress 4.2.0 - Remote Code Execution via PageNotifyKit Email Template Injection
CVSS 7.2
CVE-2021-45029 CRITICAL
Apache ShenYu 2.4.0-2.4.1 - Remote Code Execution via Groovy and SpEL Injection
CVSS 9.8
CVE-2021-44734 CRITICAL
Lexmark B2236 Firmware < mslsg.076.294 - Remote Code Execution via Embedded Web Server
CVSS 9.8
CVE-2021-43269 HIGH
Code42 < 8.8.0 - Remote Code Execution via Malicious Proxy Auto-Config File
CVSS 8.8
CVE-2021-32650 HIGH
October CMS < 1.0.473 and 1.1.0-1.1.6 - Authenticated Remote Code Execution via Theme Import Feature
CVSS 8.8
CVE-2021-32649 HIGH
October CMS < 1.0.473 and 1.1.0-1.1.6 - Authenticated Remote Code Execution via Twig Template Injection
CVSS 8.8
CVE-2021-34994 HIGH
Commvault CommCell - Authenticated Remote Code Execution via DataProvider Class JavaScript Injection
CVSS 8.8
CVE-2021-45806 HIGH
jpress v4.2.0 - Authenticated Code Injection via Admin Template Modification
CVSS 8.8
CVE-2021-23154 MEDIUM
Lens < 5.3.3 - OS Command Injection via Helm Chart Configuration
CVSS 6.3
CVE-2021-39979 CRITICAL
HarmonyOS < 2.0 - Code Injection
CVSS 9.8
CVE-2021-23814 MEDIUM
unisharp/laravel-filemanager < 2.6.2 - Unrestricted Upload of File with Dangerous Type via upload() Function
CVSS 6.7
CVE-2021-43837 HIGH
vault-cli 0.7.0-3.0.0 - Remote Code Execution via Jinja2 Template Injection
CVSS 8.4
CVE-2021-42309 HIGH
Microsoft SharePoint Server - Remote Code Execution
CVSS 8.8
CVE-2021-44231 CRITICAL
SAP ABAP Platform - Code Injection via Text Extraction Reports
CVSS 9.8
CVE-2021-43811 HIGH
Sockeye < 2.3.24 - Remote Code Execution via Unsafe YAML Loading
CVSS 7.8
CVE-2021-44529 CRITICAL KEV
Ivanti Endpoint Manager Cloud Services Appliance < 4.5 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2021-37097 HIGH
HarmonyOS < 2.0 - Code Injection
CVSS 7.5
CVE-2021-37079 CRITICAL
HarmonyOS < 2.0 - Unauthenticated Arbitrary File Deletion via Improper Input Validation
CVSS 9.1
CVE-2021-38967 MEDIUM
IBM MQ Appliance < 9.2 - Code Injection
CVSS 6.7
CVE-2021-3725 HIGH
dirhistory plugin - Command Injection
CVSS 7.5
CVE-2021-43221 MEDIUM
Microsoft Edge Chromium < 96.0.1054.29 - Remote Code Execution
CVSS 4.2