CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,528 vulnerabilities with CWE-94
CVE-2020-35131 CRITICAL
Cockpit < 0.6.1 - Remote Code Execution via registerCriteriaFunction
CVSS 9.8
CVE-2020-8274 MEDIUM
Citrix Secure Mail for Android <20.11.0 - Code Injection
CVSS 6.5
CVE-2020-28464 CRITICAL
djv < 2.1.4 - Remote Code Execution via Schema File Injection
CVSS 9.8
CVE-2020-20298 CRITICAL
zzzphp 1.7.2 - Remote Code Execution via ParserTemplate parserCommom Method
CVSS 9.8
CVE-2020-28367 HIGH
Go < 1.14.12 - Code Injection
CVSS 7.5
CVE-2020-28366 HIGH
Go < 1.14.12 - Code Injection
CVSS 7.5
CVE-2020-11851 CRITICAL
Micro Focus ArcSight Logger < 7.1.1 - Remote Code Execution
CVSS 9.8
CVE-2020-25557 HIGH
CMSuno 1.6.2 - Authenticated Remote Code Execution via Username Parameter
CVSS 8.8
CVE-2020-25538 HIGH
CMSuno 1.6.2 - Authenticated Remote Code Execution via Lang Parameter
CVSS 8.8
CVE-2020-7472 CRITICAL
SugarCRM < 8.0.7, 9.0 < 9.0.4, 10.0 < 10.0.0 - Unauthenticated Remote Code Execution via Installation Component
CVSS 9.8
CVE-2020-17091 HIGH
Microsoft Teams - Remote Code Execution
CVSS 7.8
CVE-2020-7373 CRITICAL
vBulletin 5.5.4-5.6.2 - Remote Code Execution via Widget TabbedContainer AJAX Request
CVSS 9.8
CVE-2020-7745 HIGH
MintegralAdSDK < 6.6.0.0 - Remote Code Execution via Malicious Backdoor
CVSS 7.1
CVE-2020-15252 HIGH
XWiki < 11.10.6 - Authenticated Remote Code Execution via Servlet Context Access
CVSS 8.5
CVE-2020-8349 CRITICAL
Lenovo CNOS REST API - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2020-24628 HIGH
HPE KVM IP Console Switches <2.8.3 - Code Injection
CVSS 8.8
CVE-2020-18185 CRITICAL
PluXml 5.7 - Remote Code Execution via Configuration File Modification
CVSS 9.8
CVE-2020-26124 HIGH
openmediavault < 4.1.36 and 5.x < 5.5.12 - Authenticated PHP Code Injection via rpc.php sortfield Parameter
CVSS 8.8
CVE-2020-15227 HIGH
Nette <2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 - Code Injection
CVSS 8.7
CVE-2020-8243 HIGH KEV
Pulse Connect Secure <9.1R8.2 - Authenticated RCE
CVSS 7.2
CVE-2020-15371 CRITICAL
Brocade Fabric OS <9.0.0 - Code Injection/Privilege Escalation
CVSS 9.8
CVE-2020-3513 MEDIUM
Cisco IOS XE - Privilege Escalation
CVSS 6.7
CVE-2020-3416 MEDIUM
Cisco IOS XE - Privilege Escalation
CVSS 6.7
CVE-2020-11804 HIGH
SpamTitan 7.07 - Authenticated Code Injection via mailqueue.php quid Parameter
CVSS 8.8
CVE-2020-11803 HIGH
SpamTitan 7.07 - Authenticated Remote Code Execution via mailqueue.php jaction Parameter
CVSS 8.8