Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,530 vulnerabilities with CWE-94

CVE-2018-20027 CRITICAL

Pylearn2 - Code Injection via YAML Parse Load

CVE-2018-18249 CRITICAL

Icinga Web 2 < 2.6.2 - PHP Code Injection via Environment Variable Manipulation

CVE-2018-20129 HIGH

DedeCMS V5.7 SP2 - Remote Code Execution via Double Extension and Content Type Spoofing

CVE-2018-8540 CRITICAL

.NET Framework - Remote Code Execution via Improper Input Validation

CVE-2018-19595 CRITICAL

PbootCMS V1.3.1 build 2018-11-14 - Remote Code Execution via Mixed-Case Eval Bypass

CVE-2018-19520 HIGH

SDCMS 1.6 - Authenticated Remote Code Execution via preg_replace 'e' Call in Theme Management

CVE-2018-19463 HIGH

Z-BlogPHP <1.5.1 - Authenticated RCE

CVE-2018-19404 HIGH

YXcms 1.4.7 - Authenticated Remote Code Execution via Online Install ZIP Import

CVE-2018-8415 HIGH

PowerShell Core - Code Injection via Tampering

CVE-2018-2491 HIGH

SAP Fiori Client < 1.11.5 - Stored Cross-Site Scripting via Deep Link URL Logging

CVE-2018-1808 MEDIUM

IBM WebSphere Commerce 9.0.0.0-9.0.0.6 - Server-Side Code Injection

CVE-2018-1792 HIGH

IBM WebSphere MQ 8.0.0.0-8.0.0.10, 9.0.0.0-9.0.0.5, 9.0.1-9.0.5, 9.1.0.0 - Local Code Injection with Root Privileges

CVE-2018-19220 CRITICAL

LAOBANCMS 2.0 - Remote Code Execution via Install Host Parameter

CVE-2018-19196 CRITICAL

XiaoCms 20141229 - Remote Code Execution via Upload File Type Bypass

CVE-2018-19180 CRITICAL

YUNUCMS 1.1.5 - Remote Code Execution via DB_PREFIX Parameter in Install Setup

CVE-2018-19127 CRITICAL

PHPCMS 2008 - Code Injection via Template Parameter

CVE-2018-19053 HIGH

PbootCMS 1.2.2 - Remote Code Execution via General Log File Injection

CVE-2018-14667 CRITICAL KEV

RichFaces Framework 3.X-3.3.4 - Code Injection

CVE-2018-18903 CRITICAL

Vanilla 2.6.0-2.6.3 - Remote Code Execution

CVE-2018-6012 CRITICAL

RainMachine Mini-8 - Code Injection

CVE-2018-18892 CRITICAL

MiniCMS 1.10 - Remote Code Execution via Install.php Sitename Parameter

CVE-2018-18835 CRITICAL

DocCms 2016.5.12 - Remote Code Execution via Template File Upload

CVE-2018-18461 CRITICAL

Arigato Autoresponder and Newsletter v2.5.1.7 - Remote Code Execution via Attachment Data

CVE-2018-18426 HIGH

s-cms 3.0 - Remote Code Execution via User-agent Disallow Parameter

CVE-2018-18319 CRITICAL

Asuswrt-Merlin Firmware < 380.70 - Remote Code Execution via Merlin.PHP API

Previous Page 168 of 262 Next

Details

Vulnerabilities 6,530

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy