CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,519 vulnerabilities with CWE-94
CVE-2021-29679 | HIGH | CVSS 8.8 | IBM Cognos Analytics 11.1.7 and 11.2.0 - Authenticated Remote Code Execution via SSI Directive Injection
CVE-2021-40487 | HIGH | CVSS 8.1 | Microsoft SharePoint Server - Remote Code Execution
CVE-2021-40485 | HIGH | CVSS 7.8 | Microsoft Excel - Remote Code Execution
CVE-2021-40499 | CRITICAL | CVSS 9.8 | SAP Cloud Print Manager/SAPSprint <7.70 - Code Injection
CVE-2021-24546 | HIGH | CVSS 8.8 | EditorsKit < 1.31.6 - Authenticated Arbitrary PHP Code Execution via Conditional Logic Settings
CVE-2021-40889 | CRITICAL | CVSS 9.8 | CMSUno 1.7.2 - Authenticated PHP Code Execution via Password Change Function
CVE-2021-42139 | CRITICAL | CVSS 9.8 | deno_standard_modules < 0.107.0 - Code Injection via Untrusted YAML File
CVE-2021-25470 | HIGH | CVSS 7.9 | TEEGRIS secure OS <SMR Oct-2021 Release 1 - Privilege Escalation
CVE-2021-22557 | MEDIUM | CVSS 5.3 | SLO Generator < 2.0.1 - Remote Code Execution via YAML File Loading
CVE-2021-40323 | CRITICAL | CVSS 9.8 | Cobbler < 3.3.0 - Remote Code Execution via XMLRPC Log Poisoning
CVE-2021-22952 | HIGH | CVSS 8.8 | UniFi Talk <1.12.3 - Privilege Escalation
CVE-2021-3583 | HIGH | CVSS 7.1 | Ansible Automation Platform - Code Injection via Template Injection
CVE-2021-39402 | HIGH | CVSS 7.2 | MaianAffiliate 1.0 - Code Injection via Product Addition
CVE-2021-39128 | HIGH | CVSS 7.2 | Atlassian Jira Server/Data Center - RCE
CVE-2021-33693 | MEDIUM | CVSS 6.8 | SAP Cloud Connector <2.0 - Code Injection
CVE-2021-40373 | CRITICAL | CVSS 9.8 | playSMS < 1.4.5 - Arbitrary Code Execution via Core Main Config PHP Injection
CVE-2021-32836 | HIGH | CVSS 7.5 | ZStack <3.10.12-4.1.6 - Open Redirect
CVE-2021-32834 | HIGH | CVSS 8.2 | Eclipse Keti - Remote Code Execution via Groovy Script Injection
CVE-2021-39503 | HIGH | CVSS 7.2 | PHPMyWind 5.6 - Remote Code Execution via WriteConfig Function
CVE-2021-39115 | HIGH | CVSS 7.2 | Atlassian Jira Service Management Server/Data Center - Server-Side Template Injection
CVE-2021-32831 | HIGH | CVSS 7.5 | total.js < 3.4.9 - Remote Code Execution via utils.set Function
CVE-2021-29772 | CRITICAL | CVSS 9.8 | IBM API Connect 5.0.0.0-5.0.8.11 - Code Injection via Unsanitized User Input
CVE-2021-39159 | CRITICAL | CVSS 9.6 | BinderHub < 0.2.0-n653 - Remote Code Execution via Malicious Input
CVE-2021-39160 | CRITICAL | CVSS 9.6 | nbgitpuller 0.9.0-0.10.1 - OS Command Injection via Malicious Link
CVE-2021-40084 | CRITICAL | CVSS 9.8 | opensysusers < 0.6 - Command Injection via sysusers.d GECOS Field