Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,528 vulnerabilities with CWE-94

CVE-2019-15388 HIGH

Coolpad Mega 5 Firmware - Unauthenticated Remote Code Execution via MITM Command Injection

CVE-2019-10211 CRITICAL

Postgresql <11.5-9.4.24 - Code Injection

CVE-2019-17526 CRITICAL

SageMath Sage Cell Server - OS Command Injection via Python Code Execution

CVE-2019-17613 CRITICAL

qibosoft 7 - Remote Code Execution via Point Introduction Management Feature

CVE-2019-17408 CRITICAL

ZZZCMS zzzphp 1.7.3 - Remote Code Execution via Template Parser Bypass

CVE-2019-3652 MEDIUM

McAfee Endpoint Security < 10.6.1 - Code Injection via EPSetup.exe

CVE-2019-17310 HIGH

SugarCRM 7.9.0.0-7.9.5.0 - Authenticated PHP Code Injection in Campaigns Module

CVE-2019-17309 HIGH

SugarCRM 7.9.0.0-7.9.5.0 - Authenticated PHP Code Injection in EmailMan Module

CVE-2019-17308 HIGH

SugarCRM 7.9.0.0-7.9.5.0 - Authenticated PHP Code Injection in Emails Module

CVE-2019-17307 HIGH

SugarCRM 7.9.0.0-7.9.5.0 - Authenticated PHP Code Injection in Tracker Module

CVE-2019-17306 HIGH

SugarCRM 7.9.0.0-7.9.5.0 - Authenticated PHP Code Injection in Configurator Module

CVE-2019-17305 HIGH

SugarCRM 7.9.0.0-7.9.5.0 - Authenticated PHP Code Injection via MergeRecords Module

CVE-2019-17304 HIGH

SugarCRM 7.9.0.0-7.9.5.0 - Authenticated PHP Code Injection via MergeRecords Module

CVE-2019-17303 HIGH

SugarCRM 7.9.0.0-7.9.5.0 - Authenticated PHP Code Injection via MergeRecords Module

CVE-2019-17302 HIGH

SugarCRM 7.9.0.0-7.9.5.0 - Authenticated PHP Code Injection in ModuleBuilder

CVE-2019-17301 HIGH

SugarCRM 7.9.0.0-7.9.5.0 - Authenticated PHP Code Injection via ModuleBuilder

CVE-2019-17300 HIGH

SugarCRM 7.9.0.0-7.9.5.0 - Authenticated PHP Code Injection in Administration Module

CVE-2019-17299 HIGH

SugarCRM 7.9.0.0-7.9.5.0 - Authenticated PHP Code Injection in Administration Module

CVE-2019-15746 CRITICAL

SITOS six v6.2.1 - OS Command Injection

CVE-2019-17132 CRITICAL

vBulletin <= 5.5.4 - Remote Code Execution via Custom Avatar Handling

CVE-2019-10431 CRITICAL

Jenkins Script Security Plugin < 1.64 - Sandbox Bypass via Default Parameter Expressions

CVE-2019-16759 CRITICAL KEV

vBulletin 5.x /ajax/render/widget_tabbedcontainer_tab_panel PHP remote code execution.

CVE-2019-16645 HIGH

Embedthis GoAhead 2.5.0 - Info Disclosure

CVE-2019-15087 HIGH

PRiSE adAS 1.7.0 - Authenticated Remote Code Execution via Password Hash Function Manipulation

CVE-2019-15001 HIGH

Atlassian Jira Server/Data Center RCE via Template Injection (7.0.10-8.4.0)

Previous Page 163 of 262 Next

Details

Vulnerabilities 6,528

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy