CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,530 vulnerabilities with CWE-94
CVE-2018-11587 CRITICAL
Centreon 3.4.6 and Centreon Web 2.8.23 - Remote Code Execution via Virtual Metric RPN Value
CVSS 9.8
CVE-2018-12531 CRITICAL
MetInfo 6.0.0 - Unauthenticated Arbitrary PHP Code Write via install/index.php
CVSS 9.8
CVE-2018-5158 HIGH
Firefox ESR < 52.8, Firefox < 60 - Code Injection
CVSS 8.8
CVE-2018-6512 CRITICAL
Puppet Enterprise 2018.1.x < 2018.1.1 and pe-razor-server < 1.9.0.0 - Remote Code Execution during Upgrade
CVSS 9.8
CVE-2018-11228 CRITICAL
Crestron TSW Series < 2.001.0037.001 - Unauthenticated Remote Code Execution
CVSS 9.8
CVE-2018-7951 HIGH
Huawei Server Firmware - Authenticated JSON Injection in iBMC
CVSS 8.8
CVE-2018-7950 HIGH
Huawei Server iBMC - Authenticated JSON Injection via Insufficient Input Validation
CVSS 8.8
CVE-2018-1133 HIGH
Moodle 3.1.0-3.1.11, 3.1-3.1.12 - Remote Code Execution via Calculated Question Eval Injection
CVSS 8.8
CVE-2018-1260 CRITICAL
Spring Security OAuth < 2.0.14, 2.3.0-2.3.2 - Remote Code Execution via Authorization Endpoint
CVSS 9.8
CVE-2018-2418 MEDIUM
SAP MaxDB ODBC Driver < 7.9.09.07 - Code Injection
CVSS 5.5
CVE-2018-10740 CRITICAL
Axublog 1.1.0 - Remote Code Execution via webkeywords Parameter
CVSS 9.8
CVE-2018-1104 HIGH
Ansible Tower < 3.2.3 - Code Injection
CVSS 8.8
CVE-2018-10642 HIGH
Combodo iTop 2.4.1 - Command Injection
CVSS 7.2
CVE-2018-8938 CRITICAL
Ipswitch WhatsUp Gold < 18.0 - Remote Code Execution via SNMP MIB File Injection
CVSS 9.8
CVE-2018-10574 CRITICAL
BigTree CMS < 4.2.22 - Remote Code Execution via .htaccess File Upload
CVSS 9.8
CVE-2018-10517 HIGH
CMS Made Simple < 2.2.7 - Authenticated Remote Code Execution via Module Import XML Package
CVSS 7.2
CVE-2018-10515 HIGH
CMS Made Simple < 2.2.7 - Authenticated Remote Code Execution via File Unpack Operation
CVSS 7.2
CVE-2018-10429 CRITICAL
Cosmo 1.0.0Beta6 - Remote Code Execution via Database Prefix Field
CVSS 9.8
CVE-2018-9113 HIGH
Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 - Remote Code Execution via Crafted CSV File
CVSS 7.8
CVE-2018-8974 HIGH
MicrobeTRACE 0.1.11 - Remote Code Execution via Crafted CSV File
CVSS 7.8
CVE-2018-10236 HIGH
POSCMS 3.2.18 - Remote Code Execution via Syscontroller.php Add Function
CVSS 7.2
CVE-2018-10235 HIGH
POSCMS 3.2.10 - Remote Code Execution via Setting.php Index Function
CVSS 7.2
CVE-2018-10133 CRITICAL
PbootCMS v0.9.8 - PHP Code Injection via IF Label in ParserController
CVSS 9.8
CVE-2018-10086 HIGH
CMS Made Simple < 2.2.7 - Authenticated Remote Code Execution via Test Function Eval Bypass
CVSS 7.2
CVE-2018-1028 HIGH
Microsoft Office Graphics Component - Remote Code Execution via Embedded Font Handling
CVSS 8.8