Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,528 vulnerabilities with CWE-94

CVE-2021-21353 MEDIUM

pug < 3.0.1 - Remote Code Execution via Pretty Option Injection

CVE-2021-25283 CRITICAL

SaltStack Salt <3002.5 - Code Injection

CVE-2021-3273 HIGH

Nagios XI < 5.7 - Authenticated Code Injection in graphtemplates.php

CVE-2021-26120 CRITICAL

Smarty < 3.1.39 - Code Injection via Unexpected Function Name

CVE-2021-23337 HIGH

Lodash <4.17.21 - Command Injection

CVE-2021-25251 HIGH

Trend Micro Security - Code Injection

CVE-2021-21477 CRITICAL

SAP Commerce Cloud 1808,1811,1905,2005,2011 - Authenticated Remote Code Execution via Drools Rule Injection

CVE-2021-26551 HIGH

SmartFoxServer 2.17.0 - Remote Code Execution via Console Module Unlock Bypass

CVE-2021-21305 HIGH

CarrierWave <2.1.1 - Code Injection

CVE-2021-25770 CRITICAL

JetBrains YouTrack < 2020.5.3123 - Server-Side Template Injection

CVE-2021-21277 HIGH

angular-expressions < 1.1.2 - Remote Code Execution via Constructor Bypass

CVE-2021-20187 HIGH

Moodle < 3.5.16, 3.8.7, 3.9.4, 3.10.1 - Authenticated Remote Code Execution via Shibboleth PHP Include

CVE-2021-21248 CRITICAL

OneDev < 4.0.3 - Remote Code Execution via Build Endpoint Parameter Injection

CVE-2021-21244 CRITICAL

OneDev <4.0.3 - Server Side Template Injection

CVE-2021-21466 HIGH

SAP Business Warehouse and BW/4HANA - Code Injection via Remote Function Module

CVE-2020-37167 HIGH

ClamAV/ClamBC < 0.103.0-rc - Code Injection via ClamBC Bytecode Function Name Manipulation

CVE-2020-37186 CRITICAL

Chevereto 3.13.4 - Remote Code Execution via Database Table Prefix Manipulation

CVE-2020-37178 HIGH

KeePass Password Safe < 2.44 - Denial of Service via Malicious HTML File in Help System

CVE-2020-37137 MEDIUM

PHP-Fusion 9.03.50 - Remote Code Execution via panels.php Panel Content Parameter

CVE-2020-37052 CRITICAL

Ubiquiti AirControl 1.4.2 - Unauthenticated Remote Code Execution via Java Expression Injection in /.seam Endpoint

CVE-2020-36875 CRITICAL

AccessAlly WordPress Plugin < 3.3.2 - Unauthenticated Remote Code Execution via Login Widget

CVE-2020-36870 CRITICAL

Ruijie Gateway EG and NBR Series 11.1(6)B9P1-11.9(4)B12P1 - Remote Code Execution via EWEB Management System

CVE-2020-36767 HIGH

tinyfiledialogs <3.8.0 - Command Injection

CVE-2020-22612 CRITICAL

MyBB < 1.8.22 - Remote Code Execution via Installer Settings File Write

CVE-2020-20918 HIGH

Pluck CMS 4.7.10-dev2 - Remote Code Execution via Admin Page Edit Parameter

Previous Page 156 of 262 Next

Details

Vulnerabilities 6,528

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy