Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,528 vulnerabilities with CWE-94

CVE-2019-19208 CRITICAL

Codiad Web IDE <2.8.4 - Code Injection

CVE-2019-3695 HIGH

pcp < 3.11.9-5.8.1 - Privilege Escalation via /var/log/pcp/configs.sh

CVE-2019-4000 HIGH

Druva inSync 6.5.0 - Authenticated Python Code Injection

CVE-2019-17268 CRITICAL

omniauth-weibo-oauth2 0.4.6 - Remote Code Execution via Malicious Gem

CVE-2019-20343 CRITICAL

MojoHaus Exec Maven Plugin 1.1.1 - Remote Code Execution via Crafted XML Configuration

CVE-2019-20155 HIGH

Determine Contract Lifecycle Management v5.4 - Authenticated Remote Code Execution via Report Generation

CVE-2019-10758 CRITICAL KEV

mongo-express < 0.54.0 - Remote Code Execution via toBSON Method

CVE-2019-19909 HIGH

Open Journal Systems < 3.1.2-2 - Authenticated Code Injection via Report Generator Deserialization

CVE-2019-7486 HIGH

SonicWall SMA100 <9.0.0.4 - Code Injection

CVE-2019-15599 CRITICAL

tree-kill < 1.2.2 - Remote Code Execution via Command Injection

CVE-2019-15598 CRITICAL

treekill < 1.2.2 - OS Command Injection

CVE-2019-15597 CRITICAL

node-df 0.1.4 - Remote Code Execution via Unsanitized Input

CVE-2019-4716 CRITICAL KEV

IBM Planning Analytics <2.0.9 - Privilege Escalation

CVE-2019-16774 MEDIUM

phpfastcache <5.1.3 - Code Injection

CVE-2019-10769 CRITICAL

safer-eval - Remote Code Execution via RangeError

CVE-2019-16885 CRITICAL

OkayCMS < 2.3.4 - Unauthenticated Remote Code Execution via Malicious Cookie Injection

CVE-2019-3665 MEDIUM

McAfee WebAdvisor < 4.1.1.48 - Unauthenticated Code Injection via Crafted Website

CVE-2019-19502 CRITICAL

maleck/image_uploader_and_browser_for_ckeditor < 4.1.9 - Authenticated PHP Code Injection in pluginconfig.php

CVE-2019-14867 HIGH

FreeIPA 4.6.0-4.6.6, 4.7.0-4.7.3, 4.8.0-4.8.2 - Unauthenticated Denial of Service via Kerberos Key Parsing

CVE-2019-16255 HIGH

Ruby <2.4.7, 2.5.x<2.5.6, 2.6.x<2.6.4 - Code Injection

CVE-2019-13714 MEDIUM

Google Chrome < 78.0.3904.70 - CSS Injection via Color Enhancer Extension

CVE-2019-3427 HIGH

ZTE ZXCDN IAMWEB V6.01.03.01 - Code Injection

CVE-2019-18889 CRITICAL

Symfony 3.4.0-3.4.34, 4.2.0-4.2.11, 4.3.0-4.3.7 - Remote Code Execution via Cache Adapter Serialization

CVE-2019-5509 CRITICAL

ONTAP Select Deploy Administration Utility 2.11.2-2.12.2 - Unauthenticated Code Injection

CVE-2019-19010 CRITICAL

Limnoria <2019.11.09 & Supybot <=2018-05-09 - Info Disclosure

Previous Page 162 of 262 Next

Details

Vulnerabilities 6,528

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy