Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,530 vulnerabilities with CWE-94

CVE-2018-20988 HIGH

Google Forms < 0.94 - Code Injection

CVE-2018-18573 HIGH

osCommerce 2.3.4.1 - Authenticated Remote Code Execution via .htaccess Upload

CVE-2018-20931 MEDIUM

cPanel 61.9999.55-70.0.22 - Authenticated Remote Code Execution via Landing Page

CVE-2018-20896 LOW

cPanel 61.9999.55-61.9999.9999 - Code Injection in WHM cPAddons Interface

CVE-2018-17170 HIGH

Grouptime Teamwire Desktop Client <1.9.0 - Code Injection

CVE-2018-18836 MEDIUM

Netdata 1.10.0 - JSON Injection via tqx Parameter

CVE-2018-18879 HIGH

Columbia Weather MicroServer Firmware MS_2.6.9900 - Authenticated OS Command Injection via networkdiags.php

CVE-2018-19641 MEDIUM

Micro Focus Solutions Business Manager < 11.5 - Unauthenticated Remote Code Execution

CVE-2018-3700 MEDIUM

Intel USB 3.0 eXtensible Host Controller Driver < 5.0.4.43v2 - Code Injection via Installer

CVE-2018-20775 HIGH

Frog CMS 0.9.5 - Unauthenticated Remote Code Execution via File Manager Plugin

CVE-2018-20773 HIGH

Frog CMS 0.9.5 - PHP Code Injection via Page Edit Function

CVE-2018-20772 HIGH

Frog CMS 0.9.5 - PHP Code Execution via Layout Edit URI

CVE-2018-20768 CRITICAL

Xerox WorkCentre Multiple Models < R18-05 073.xxx.0487.15000 - PHP Code Execution

CVE-2018-19002 HIGH

LCDS Laquis SCADA < 4.1.0.4150 - Remote Code Execution via Crafted Project File

CVE-2018-19011 HIGH

CX-Supervisor < 3.42 - Code Injection via Project File

CVE-2018-20717 HIGH

PrestaShop < 1.7.2.5 - Authenticated Remote Code Execution via Serialized Object Injection

CVE-2018-0461 MEDIUM

Cisco IP Phone 8800 Series Firmware - Unauthenticated Arbitrary Script Injection via User-Supplied Data

CVE-2018-16168 CRITICAL

LogonTracer < 1.2.0 - Remote Code Execution via Python Code Injection

CVE-2018-20605 CRITICAL

imcat 4.4 - Remote Code Execution via bootskip.php Modification

CVE-2018-20599 HIGH

UCMS 1.4.7 - Remote Code Execution via sadmin_fileedit Action

CVE-2018-7801 HIGH

EVLink Parking <3.2.0-12_v1 - Code Injection

CVE-2018-20325 CRITICAL

Definitions Parser - Command Injection

CVE-2018-1000881 CRITICAL

Traccar Server <4.0 - Code Injection

CVE-2018-20300 CRITICAL

Empire CMS 7.5 - Remote Code Execution

CVE-2018-20133 CRITICAL

ymlref - Code Injection

Previous Page 167 of 262 Next

Details

Vulnerabilities 6,530

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy