CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,528 vulnerabilities with CWE-94
CVE-2019-13956 CRITICAL
Discuz!ML 3.2-3.4 - Remote Code Execution via Language Cookie Injection
CVSS 9.8
CVE-2019-9848 CRITICAL
LibreOffice < 6.2.5 - Remote Code Execution via LibreLogo Python Command Injection
CVSS 9.8
CVE-2019-6823 CRITICAL
ProClima < 8.0.0 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2019-0330 CRITICAL
SAP Diagnostic Agent 7.2 - OS Command Injection via OS Command Plugin
CVSS 9.1
CVE-2019-13354 CRITICAL
strong_password 0.0.7 - Remote Code Execution via Malicious Gem
CVSS 9.8
CVE-2019-13372 CRITICAL
D-Link Central WiFi Manager < 1.03 - Unauthenticated Remote Code Execution via Cookie Injection
CVSS 9.8
CVE-2019-12844 MEDIUM
JetBrains TeamCity < 2018.2.3 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2019-12843 MEDIUM
JetBrains TeamCity < 2018.2.3 - Stored JavaScript Injection
CVSS 6.1
CVE-2019-10100 CRITICAL
JetBrains YouTrack Confluence < 1.8.1.3 - SSRF
CVSS 9.8
CVE-2019-5443 HIGH
curl <= 7.65.1 - Uncontrolled Search Path Element via OpenSSL Engine Config
CVSS 7.8
CVE-2019-1577 MEDIUM
Palo Alto Networks Traps < 5.0.5 - Code Injection
CVSS 6.3
CVE-2019-8324 HIGH
RubyGems 2.6.0-3.0.2 - Remote Code Execution via Multi-Line Gem Name Injection
CVSS 8.8
CVE-2019-12761 HIGH
PyXDG < 0.26 - Code Injection via Menu XML Category Element
CVSS 7.5
CVE-2019-9891 CRITICAL
Advanced Bash Scripting Guide - Privilege Escalation
CVSS 9.8
CVE-2019-6816 CRITICAL
Modicon Quantum Firmware - Code Injection via Modbus Protocol
CVSS 9.1
CVE-2019-0091 HIGH
Intel Converged Security and Management Engine < 11.8.65 - Unauthenticated Code Injection via Local Installer
CVSS 7.8
CVE-2019-11642 HIGH
OneShield Policy (Dragon Core) < 5.1.10 - Log Poisoning
CVSS 8.8
CVE-2019-11594 HIGH
AdBlock < 3.45.0 - Remote Code Execution via $rewrite Filter Option
CVSS 8.1
CVE-2019-11593 HIGH
Adblock Plus < 3.5.2 - Code Injection
CVSS 8.1
CVE-2019-11376 HIGH
SOY CMS 3.0.2 - Remote Code Execution via PHP Code Injection in Text Box
CVSS 7.2
CVE-2019-10633 HIGH
Zyxel NAS326 Firmware < 5.21 - Authenticated Code Injection via tjp6jp6y4 simZysh and ck6fup6 APIs
CVSS 8.8
CVE-2019-10863 HIGH
TeemIp < 2.4.0 - Remote Code Execution via exec.php new_config Parameter
CVSS 7.2
CVE-2019-10842 CRITICAL
bootstrap-sass 3.2.0.3 - Unauthenticated Remote Code Execution via ___cfduid Cookie
CVSS 9.8
CVE-2019-10684 CRITICAL
74cms v5.0.1 - Remote Code Execution via site_domain Parameter
CVSS 9.8
CVE-2019-7610 CRITICAL
Kibana < 5.6.15 - Remote Code Execution via Security Audit Logger
CVSS 9.0