Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,528 vulnerabilities with CWE-94

CVE-2020-36708 CRITICAL

WordPress Themes - Function Injection

CVE-2020-29007 CRITICAL

MediaWiki Score < 0.3.0 - Remote Code Execution via GNU LilyPond Sandbox Escape

CVE-2020-36655 HIGH

Yii2 Gii <2.2.2 - Code Execution via Generator messageCategory Field

CVE-2020-21016 CRITICAL

D-Link DIR-846 Firmware 100A35 - Remote Code Execution via HNAP1 SetGuestWLanSettings

CVE-2020-25197 CRITICAL

GE RT430 RT431 RT434 Firmware < 08a06 - Authenticated Remote Code Execution

CVE-2020-15591 CRITICAL

Uni-stuttgart Frams' Fast File Exchange < 20160919_2 - Code Injection

CVE-2020-20601 CRITICAL

ThinkCMF X2.2.2 and below - Remote Code Execution via Crafted Packet

CVE-2020-23037 CRITICAL

Portable Playable 9.18 - Code Injection via Filename Parameter

CVE-2020-21652 CRITICAL

myucms 2.2.1 - Remote Code Execution via addqq() Method in Config Controller

CVE-2020-21651 CRITICAL

myucms 2.2.1 - Remote Code Execution via Point Controller add() Method

CVE-2020-21650 HIGH

myucms 2.2.1 - Remote Code Execution via Config Controller add() Method

CVE-2020-20124 HIGH

wuzhicms v4.1.0 - Remote Code Execution in Admin Attachment Index

CVE-2020-19822 HIGH

ZZCMS 2018 - Remote Code Execution via template_user.php ml and title Parameters

CVE-2020-22120 HIGH

imcat 5.1 - Authenticated Remote Code Execution via adm.php admin-ediy part Parameter

CVE-2020-22937 CRITICAL

EmpireCMS 7.5 - Remote Code Execution via Install File Injection

CVE-2020-18172 CRITICAL

Trezor Bridge <2.0.27 - Privilege Escalation

CVE-2020-23219 HIGH

Monstra CMS 3.0.4 - Remote Code Execution via Snippet Content Field

CVE-2020-21784 CRITICAL

phpwcms 1.9.13 - Code Injection via Setup Script

CVE-2020-22201 HIGH

phpcms 2008 sp4 - Remote Code Execution via pagesize Parameter

CVE-2020-28905 HIGH

Nagios Fusion <= 4.1.8 - Authenticated Remote Code Execution via Table Pagination

CVE-2020-28502 HIGH

xmlhttprequest < 1.7.0 and xmlhttprequest-ssl < 1.6.2 - Remote Code Execution via Synchronous Request

CVE-2020-35339 CRITICAL

74cms 5.0.1 - Remote Code Execution via ConfigController and functions.php

CVE-2020-35734 HIGH

Batflat 1.3.6 - Authenticated Remote Code Execution via User Profile Input Fields

CVE-2020-28870 CRITICAL

InoERP 0.7.2 - Unauthenticated Remote Code Execution via /modules/sys/form_personalization/json_fp.php

CVE-2020-35754 HIGH

OpenSolution Quick.CMS and Quick.Cart < 6.7 - Authenticated Remote Code Execution via Language Tab Input

Previous Page 157 of 262 Next

Details

Vulnerabilities 6,528

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy