CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,530 vulnerabilities with CWE-94
CVE-2018-1275 CRITICAL
Spring Framework 4.3.0-4.3.15 - Remote Code Execution via STOMP over WebSocket
CVSS 9.8
CVE-2018-1273 CRITICAL KEV
Spring Data Commons < 1.13.11 - Unauthenticated Remote Code Execution via Property Binder
CVSS 9.8
CVE-2018-9848 CRITICAL
gxlcms_qy 1.0.0713 - Remote Code Execution via Upload Configuration Bypass
CVSS 9.8
CVE-2018-9847 CRITICAL
gxlcms_qy 1.0.0713 - Remote Code Execution via Template Update
CVSS 9.8
CVE-2018-1270 CRITICAL
Spring Framework < 4.3.16 and 5.0 < 5.0.5 - Remote Code Execution via STOMP over WebSocket
CVSS 9.8
CVE-2018-9175 CRITICAL
DedeCMS 5.7 - Remote Code Execution via egroup Parameter
CVSS 9.8
CVE-2018-9174 CRITICAL
DedeCMS 5.7 - Remote Code Execution via sys_verifies.php refiles Parameter
CVSS 9.8
CVE-2018-8823 CRITICAL
Responsive Mega Menu <1.7.2.5 - RCE
CVSS 9.8
CVE-2018-8966 HIGH
zzcms 8.2 - PHP Code Injection via Siteurl Parameter
CVSS 7.5
CVE-2018-1207 CRITICAL
Dell EMC iDRAC7/iDRAC8 < 2.52.52.52 - Unauthenticated Remote Code Execution via CGI Injection
CVSS 9.8
CVE-2018-8074 HIGH
Yii 2.x < 2.0.15 - Remote Code Injection via Elasticsearch Query
CVSS 8.1
CVE-2018-8073 CRITICAL
Yii 2.x < 2.0.15 - Remote Code Execution via Redis Extension LUA Code Injection
CVSS 9.8
CVE-2018-8756 HIGH
YzmCMS 3.7.1 - Remote Code Execution via Eval Injection in global.func.php
CVSS 7.2
CVE-2018-7756 CRITICAL
DEWESoft X3 SP1 - Unauthenticated Remote Code Execution via RunExeFile.exe TCP Port 1999
CVSS 9.8
CVE-2018-5782 CRITICAL
Mitel Connect ONSITE <R1711-PREM - RCE
CVSS 9.8
CVE-2018-5781 CRITICAL
Mitel Connect ONSITE <R1711-PREM - RCE
CVSS 9.8
CVE-2018-5780 CRITICAL
Mitel Connect ONSITE <R1711-PREM - RCE
CVSS 9.8
CVE-2018-5779 CRITICAL
Mitel Connect ONSITE <R1711-PREM - RCE
CVSS 9.8
CVE-2018-8097 CRITICAL
Eve < 0.7.5 - Remote Code Execution via MongoDB Where Parameter
CVSS 9.8
CVE-2018-1000070 HIGH
Bitmessage PyBitmessage <0.6.2 - Code Injection
CVSS 8.8
CVE-2018-7466 HIGH
TestLink < 1.9.16 - Remote Code Execution via DB Login Name Injection
CVSS 7.5
CVE-2018-6488 HIGH
Microfocus Ucmdb Configuration Manager - Code Injection
CVSS 8.1
CVE-2018-7271 HIGH
MetInfo 6.0.0 - Remote Code Execution via Install Configuration File Injection
CVSS 8.1
CVE-2018-6889 HIGH
Typesetter 5.1 - Host Header Injection
CVSS 8.8
CVE-2018-6574 HIGH
GO < 1.8.6 - Code Injection
CVSS 7.8