CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,530 vulnerabilities with CWE-94
CVE-2018-18258 CRITICAL
BageCMS 3.1.3 - Remote Code Execution via Template Update URI
CVSS 9.8
CVE-2018-7633 CRITICAL
Epicentro E_7.3.2+ - Cross-Site Scripting via Login Form Language Parameter
CVSS 9.8
CVE-2018-18083 CRITICAL
DuomiCMS 3.0 - Remote Code Execution via search.php searchword Parameter
CVSS 9.8
CVE-2018-14804 CRITICAL
Emerson AMS Device Manager <14 - RCE
CVSS 9.8
CVE-2018-17827 HIGH
HisiPHP 1.0.8 - Remote Code Execution via Plugin Name Injection
CVSS 7.2
CVE-2018-17364 HIGH
OTCMS 3.61 - Remote Code Execution via accBackupDir Parameter
CVSS 8.1
CVE-2018-17173 CRITICAL
LG SuperSign CMS - Remote Code Execution via sourceUri Parameter
CVSS 9.8
CVE-2018-17207 CRITICAL
Snap Creek Duplicator <1.2.42 - Code Injection
CVSS 9.8
CVE-2018-14630 HIGH
Moodle <3.0.10, 3.5.0-3.5.2 - Remote Code Execution via XML Import of ddwtos Quiz Questions
CVSS 8.8
CVE-2018-11781 HIGH
Apache SpamAssassin < 3.4.2 - Local Code Injection via Meta Rule Syntax
CVSS 7.8
CVE-2018-11780 CRITICAL
Apache SpamAssassin < 3.4.2 - Remote Code Execution via PDFInfo Plugin
CVSS 9.8
CVE-2018-17134 HIGH
PHPMyWind 5.5 - Authenticated Remote Code Execution via cfg_author and cfg_webpath Fields
CVSS 7.2
CVE-2018-17133 HIGH
PHPMyWind 5.5 - Authenticated Remote Code Execution via Rewrite URL Setting
CVSS 7.2
CVE-2018-17132 HIGH
PHPMyWind 5.5 - Authenticated Remote Code Execution via attrvalue[] Parameter
CVSS 7.2
CVE-2018-17131 HIGH
PHPMyWind 5.5 - Authenticated Remote Code Execution via Admin Web Config varvalue Field
CVSS 7.2
CVE-2018-17126 CRITICAL
CScms 4.1 - Remote Code Execution via Web Name Parameter
CVSS 9.8
CVE-2018-17036 CRITICAL
UCMS 1.4.6 and 1.6 - PHP Code Injection via Install Systemdomain Parameter
CVSS 9.8
CVE-2018-17030 HIGH
BigTree CMS 4.2.23 - Authenticated RCE
CVSS 7.5
CVE-2018-16975 CRITICAL
Elefant CMS <2.0.7 - Code Injection
CVSS 9.8
CVE-2018-3686 MEDIUM
Intel SA-00086 Detection Tool < 1.2.7.0 - Authenticated Code Injection via Local Access
CVSS 6.7
CVE-2018-15886 HIGH
Monstra CMS 3.0.4 - Authenticated PHP Code Injection via Snippet Edit
CVSS 7.2
CVE-2018-16771 CRITICAL
Hoosk 1.7.0 - Remote Code Execution via SiteUrl Parameter
CVSS 9.8
CVE-2018-16604 HIGH
Nibbleblog 4.0.5 - Authenticated PHP Code Injection via Username Parameter
CVSS 7.2
CVE-2018-0675 HIGH
AttacheCase < 3.3.0.0 - Remote Code Execution
CVSS 7.8
CVE-2018-0674 HIGH
AttacheCase < 2.8.4.0 - Arbitrary Script Execution
CVSS 7.8
Details
Vulnerabilities 6,530
Exploit Likelihood Medium