CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,536 vulnerabilities with CWE-94
CVE-2018-1000070 HIGH
Bitmessage PyBitmessage <0.6.2 - Code Injection
CVSS 8.8
CVE-2018-7466 HIGH
TestLink < 1.9.16 - Remote Code Execution via DB Login Name Injection
CVSS 7.5
CVE-2018-6488 HIGH
Microfocus Ucmdb Configuration Manager - Code Injection
CVSS 8.1
CVE-2018-7271 HIGH
MetInfo 6.0.0 - Remote Code Execution via Install Configuration File Injection
CVSS 8.1
CVE-2018-6889 HIGH
Typesetter 5.1 - Host Header Injection
CVSS 8.8
CVE-2018-6574 HIGH
Go < 1.8.6 - Code Injection
CVSS 7.8
CVE-2018-0007 CRITICAL
Junos OS Multiple Versions - DoS and RCE via Malicious LLDP Packet
CVSS 9.8
CVE-2018-2363 HIGH
SAP NetWeaver 7.00-7.02, 7.10-7.11, 7.30-7.31, 7.40, 7.50-7.52 - Unauthenticated Remote Code Execution
CVSS 8.8
CVE-2017-20251 CRITICAL
WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API
CVSS 9.8
CVE-2017-20099 HIGH
Analytics Stats Counter Statistics Plugin <1.2.2.5 - Code Injection
CVSS 7.3
CVE-2017-20095 MEDIUM
Simple Ads Manager Plugin - Code Injection
CVSS 6.3
CVE-2017-20086 MEDIUM
VaultPress Plugin <1.8.4 - Code Injection
CVSS 6.3
CVE-2017-20064 MEDIUM
Elefant CMS <1.3.13 - Code Injection
CVSS 6.3
CVE-2017-18113 HIGH
Jira Server and Data Center < 8.18.1 - Remote Code Execution via Malicious Workflow Import
CVSS 8.8
CVE-2017-18924 HIGH
oauth2-server <3.1.1 - Command Injection
CVSS 7.5
CVE-2017-18468 MEDIUM
cPanel 55.9999.61-61.9999.999 - Authenticated Remote Code Execution via Htaccess::setphppreference API
CVSS 6.3
CVE-2017-14853 HIGH
Orpak SiteOmat OrCU <2017-09-25 - Code Injection
CVSS 8.6
CVE-2017-18108 HIGH
Atlassian Crowd < 2.10.2 - Authenticated Remote Code Execution via JNDI Injection
CVSS 7.2
CVE-2017-18356 HIGH
WooCommerce < 3.2.4 - Authenticated PHP Object Injection via Shortcode Cached Query
CVSS 8.8
CVE-2017-1002152 MEDIUM
Bodhi < 2.9.0 - Cross-Site Scripting via Bug Title Validation
CVSS 6.1
CVE-2017-1753 MEDIUM
IBM Rational Products 5.0.0-5.0.1 - HTML Injection
CVSS 5.4
CVE-2017-1329 MEDIUM
IBM Rational Quality Manager 5.0-5.0.1 and 6.0-6.0.5 - HTML Injection
CVSS 5.4
CVE-2017-1248 MEDIUM
IBM Rational Quality Manager 5.0-5.0.1 and 6.0-6.0.5 - HTML Injection
CVSS 5.4
CVE-2017-1242 MEDIUM
IBM Rational Quality Manager 5.0.x and 6.0-6.0.5 - HTML Injection
CVSS 5.4
CVE-2017-7465 CRITICAL
JBoss Enterprise Application Platform - Remote Code Execution via XSLT Processing
CVSS 9.0