CWE-94
Medium likelihood
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,530 vulnerabilities with CWE-94
CVE-2018-1275
CRITICAL
Spring Framework 4.3.0-4.3.15 - Remote Code Execution via STOMP over WebSocket
CVSS 9.8
CVE-2018-1273
CRITICAL
KEV
Spring Data Commons < 1.13.11 - Unauthenticated Remote Code Execution via Property Binder
CVSS 9.8
CVE-2018-9848
CRITICAL
gxlcms_qy 1.0.0713 - Remote Code Execution via Upload Configuration Bypass
CVSS 9.8
CVE-2018-9847
CRITICAL
gxlcms_qy 1.0.0713 - Remote Code Execution via Template Update
CVSS 9.8
CVE-2018-1270
CRITICAL
Spring Framework < 4.3.16 and 5.0 < 5.0.5 - Remote Code Execution via STOMP over WebSocket
CVSS 9.8
CVE-2018-9175
CRITICAL
DedeCMS 5.7 - Remote Code Execution via egroup Parameter
CVSS 9.8
CVE-2018-9174
CRITICAL
DedeCMS 5.7 - Remote Code Execution via sys_verifies.php refiles Parameter
CVSS 9.8
CVE-2018-8823
CRITICAL
Responsive Mega Menu <1.7.2.5 - RCE
CVSS 9.8
CVE-2018-8966
HIGH
zzcms 8.2 - PHP Code Injection via Siteurl Parameter
CVSS 7.5
CVE-2018-1207
CRITICAL
Dell EMC iDRAC7/iDRAC8 < 2.52.52.52 - Unauthenticated Remote Code Execution via CGI Injection
CVSS 9.8
CVE-2018-8074
HIGH
Yii 2.x < 2.0.15 - Remote Code Injection via Elasticsearch Query
CVSS 8.1
CVE-2018-8073
CRITICAL
Yii 2.x < 2.0.15 - Remote Code Execution via Redis Extension LUA Code Injection
CVSS 9.8
CVE-2018-8756
HIGH
YzmCMS 3.7.1 - Remote Code Execution via Eval Injection in global.func.php
CVSS 7.2
CVE-2018-7756
CRITICAL
DEWESoft X3 SP1 - Unauthenticated Remote Code Execution via RunExeFile.exe TCP Port 1999
CVSS 9.8
CVE-2018-5782
CRITICAL
Mitel Connect ONSITE <R1711-PREM - RCE
CVSS 9.8
CVE-2018-5781
CRITICAL
Mitel Connect ONSITE <R1711-PREM - RCE
CVSS 9.8
CVE-2018-5780
CRITICAL
Mitel Connect ONSITE <R1711-PREM - RCE
CVSS 9.8
CVE-2018-5779
CRITICAL
Mitel Connect ONSITE <R1711-PREM - RCE
CVSS 9.8
CVE-2018-8097
CRITICAL
Eve < 0.7.5 - Remote Code Execution via MongoDB Where Parameter
CVSS 9.8
CVE-2018-1000070
HIGH
Bitmessage PyBitmessage <0.6.2 - Code Injection
CVSS 8.8
CVE-2018-7466
HIGH
TestLink < 1.9.16 - Remote Code Execution via DB Login Name Injection
CVSS 7.5
CVE-2018-6488
HIGH
Microfocus Ucmdb Configuration Manager - Code Injection
CVSS 8.1
CVE-2018-7271
HIGH
MetInfo 6.0.0 - Remote Code Execution via Install Configuration File Injection
CVSS 8.1
CVE-2018-6889
HIGH
Typesetter 5.1 - Host Header Injection
CVSS 8.8
CVE-2018-6574
HIGH
Go < 1.8.6 - Code Injection
CVSS 7.8
Details
Vulnerabilities: 6,530
Exploit Likelihood: Medium