CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,528 vulnerabilities with CWE-94
CVE-2019-7609 CRITICAL KEV
Kibana Timelion Prototype Pollution RCE
CVSS 10.0
CVE-2019-10015 HIGH
baigoSSO 3.0.1 - Remote Code Execution via Configuration Screen Form Field
CVSS 7.2
CVE-2019-5413 CRITICAL
morgan < 1.9.1 - Remote Code Execution via Format Parameter Injection
CVSS 9.8
CVE-2019-9651 CRITICAL
SDCMS V1.7 - Remote Code Execution via Theme Controller File Upload
CVSS 9.8
CVE-2019-9227 CRITICAL
baigo CMS 2.1.1 - Remote Code Execution via BG_SITE_NAME Parameter
CVSS 9.8
CVE-2019-9115 CRITICAL
irisnet-crypto < 1.1.7 - Remote Code Execution via Unsafe Eval in util/utils.js
CVSS 9.8
CVE-2019-9082 HIGH KEV
ThinkPHP < 3.2.4 - Remote Code Execution via Public Endpoint
CVSS 8.8
CVE-2019-8341 CRITICAL
Jinja2 - Server-Side Template Injection via from_string Function
CVSS 9.8
CVE-2019-7720 CRITICAL
taocms <2014-05-24 - Code Injection
CVSS 9.8
CVE-2019-7719 CRITICAL
nibbleblog 4.0.5 - Remote Code Execution via install.php Username Parameter
CVSS 9.8
CVE-2019-7692 CRITICAL
CIM 0.9.3 - Remote Code Execution via Configuration File Mishandling
CVSS 9.8
CVE-2019-7580 HIGH
ThinkCMF 5.0.190111 - Remote Code Execution via Portal Admin Category Alias Parameter
CVSS 8.8
CVE-2019-4038 MEDIUM
IBM Security Identity Manager 6.0.0.0-6.0.0.19 - Code Injection
CVSS 6.2
CVE-2019-6713 CRITICAL
ThinkCMF 5.0.190111 - Remote Code Execution via Route Configuration Injection
CVSS 9.8
CVE-2019-0542 HIGH
xterm.js < 5.0.0 - Remote Code Execution via Special Character Mishandling
CVSS 8.8
CVE-2019-0247 CRITICAL
SAP Cloud Connector < 2.11.3 - Code Injection
CVSS 9.8
CVE-2019-3575 HIGH
sqla_yaml_fixtures 0.9.1 - Local Code Execution via Fixture Text Argument
CVSS 7.8
CVE-2018-25357 CRITICAL
Dolibarr ERP CRM 7.0.3 Remote Code Evaluation via install/step1.php
CVSS 9.8
CVE-2018-25320 CRITICAL
ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution
CVSS 9.8
CVE-2018-25114 CRITICAL
osCommerce Online Merchant <2.3.4.1 - RCE
CVE-2018-4031 CRITICAL
CUJO Smart Firewall 7003 - Remote Code Execution via Safe Browsing HTTP Request Parsing
CVSS 10.0
CVE-2018-21023 HIGH
Centreon Web 2.8-2.8.27 - Authenticated Remote Code Execution via getStats.php ns_id Parameter
CVSS 8.8
CVE-2018-21005 CRITICAL
bbpress_move_topics < 1.1.6 - Code Injection
CVSS 9.8
CVE-2018-20988 HIGH
Google Forms < 0.94 - Code Injection
CVSS 7.5
CVE-2018-18573 HIGH
osCommerce 2.3.4.1 - Authenticated Remote Code Execution via .htaccess Upload
CVSS 7.2