Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,528 vulnerabilities with CWE-94

CVE-2019-13558 CRITICAL

Advantech WebAccess < 8.4.1 - Remote Code Execution

CVE-2019-3759 MEDIUM

RSA Identity Governance and Lifecycle < 7.1.0 P08 - Authenticated Code Injection via Groovy Script Execution

CVE-2019-0355 HIGH

SAP NetWeaver Application Server Java Web Container < 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 - Code Injection

CVE-2019-15873 HIGH

ProfileGrid < 2.8.6 - Remote Code Execution via pm_template_preview Action

CVE-2019-2390 HIGH

MongoDB <4.0.11, <3.6.14, <3.4.22 - Code Injection

CVE-2019-15647 HIGH

groundhogg < 1.3.5 - Authenticated Remote Code Execution via Bulk Action Listener

CVE-2019-15642 HIGH

Webmin < 1.920 - Authenticated Remote Code Execution via unserialise_variable Eval Call

CVE-2019-15318 CRITICAL

yikes-inc-easy-mailchimp-extender < 6.5.3 - Authenticated Code Injection via Admin Input Field

CVE-2019-15224 CRITICAL

rest-client 1.6.10-1.6.13 - Remote Code Execution via Malicious Gem

CVE-2019-1194 HIGH

Internet Explorer - Remote Code Execution via Scripting Engine Memory Corruption

CVE-2019-1157 HIGH

Windows Jet Database Engine - Remote Code Execution via Crafted File

CVE-2019-1150 HIGH

Windows - Remote Code Execution via Crafted Embedded Fonts

CVE-2019-1057 HIGH

Microsoft Windows - Remote Code Execution via MSXML Parser

CVE-2019-0343 HIGH

SAP Commerce Cloud 6.4-6.7, 1808-1905 - Authenticated Code Injection via Mediaconversion Extension

CVE-2019-14965 CRITICAL

Frappe Framework 10.0.0-12.0.3 - Server-Side Template Injection

CVE-2019-14746 CRITICAL

KuaiFanCMS 5.0 - Remote Code Execution via Install.php db_name Parameter

CVE-2019-7871 HIGH

Magento <2.1.18-2.3.2 - Auth Bypass

CVE-2019-9140 HIGH

Happypoint <= 6.3.19 - URL Redirection and JavaScript Execution via Deeplink Scheme

CVE-2019-0193 HIGH KEV

Apache Solr < 7.7.3 and 8.0.0-8.1.1 - Remote Code Execution via DataImportHandler dataConfig Parameter

CVE-2019-10182 HIGH

Icedtea-web <1.7.2, 1.8.2 - Path Traversal

CVE-2019-11201 HIGH

Dolibarr ERP/CRM < 9.0.3 - Authenticated Remote Code Execution via Website Module WYSIWYG Editor

CVE-2019-14282 CRITICAL

simple_captcha2 gem 0.2.3 - Code Injection

CVE-2019-14281 CRITICAL

datagrid gem 1.0.6 - Code Injection

CVE-2019-10173 CRITICAL

xstream API <1.4.11 - Use After Free

CVE-2019-11552 HIGH

Code42 Enterprise <6.7.5, 6.8 <6.8.8, 6.9 <6.9.4 - Code Injection

Previous Page 164 of 262 Next

Details

Vulnerabilities 6,528

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy