CWE-94
Medium likelihood
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,536 vulnerabilities with CWE-94
CVE-2018-1000070
HIGH
Bitmessage PyBitmessage <0.6.2 - Code Injection
CVSS 8.8
CVE-2018-7466
HIGH
TestLink < 1.9.16 - Remote Code Execution via DB Login Name Injection
CVSS 7.5
CVE-2018-6488
HIGH
Microfocus Ucmdb Configuration Manager - Code Injection
CVSS 8.1
CVE-2018-7271
HIGH
MetInfo 6.0.0 - Remote Code Execution via Install Configuration File Injection
CVSS 8.1
CVE-2018-6889
HIGH
Typesetter 5.1 - Host Header Injection
CVSS 8.8
CVE-2018-6574
HIGH
GO < 1.8.6 - Code Injection
CVSS 7.8
CVE-2018-0007
CRITICAL
Junos OS Multiple Versions - DoS and RCE via Malicious LLDP Packet
CVSS 9.8
CVE-2018-2363
HIGH
SAP NetWeaver 7.00-7.02, 7.10-7.11, 7.30-7.31, 7.40, 7.50-7.52 - Unauthenticated Remote Code Execution
CVSS 8.8
CVE-2017-20251
CRITICAL
WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API
CVSS 9.8
CVE-2017-20099
HIGH
Analytics Stats Counter Statistics Plugin <1.2.2.5 - Code Injection
CVSS 7.3
CVE-2017-20095
MEDIUM
Simple Ads Manager Plugin - Code Injection
CVSS 6.3
CVE-2017-20086
MEDIUM
VaultPress Plugin <1.8.4 - Code Injection
CVSS 6.3
CVE-2017-20064
MEDIUM
Elefant CMS <1.3.13 - Code Injection
CVSS 6.3
CVE-2017-18113
HIGH
Jira Server and Data Center < 8.18.1 - Remote Code Execution via Malicious Workflow Import
CVSS 8.8
CVE-2017-18924
HIGH
oauth2-server <3.1.1 - Command Injection
CVSS 7.5
CVE-2017-18468
MEDIUM
cPanel 55.9999.61-61.9999.999 - Authenticated Remote Code Execution via Htaccess::setphppreference API
CVSS 6.3
CVE-2017-14853
HIGH
Orpak SiteOmat OrCU <2017-09-25 - Code Injection
CVSS 8.6
CVE-2017-18108
HIGH
Atlassian Crowd < 2.10.2 - Authenticated Remote Code Execution via JNDI Injection
CVSS 7.2
CVE-2017-18356
HIGH
WooCommerce < 3.2.4 - Authenticated PHP Object Injection via Shortcode Cached Query
CVSS 8.8
CVE-2017-1002152
MEDIUM
Bodhi < 2.9.0 - Cross-Site Scripting via Bug Title Validation
CVSS 6.1
CVE-2017-1753
MEDIUM
IBM Rational Products 5.0.0-5.0.1 - HTML Injection
CVSS 5.4
CVE-2017-1329
MEDIUM
IBM Rational Quality Manager 5.0-5.0.1 and 6.0-6.0.5 - HTML Injection
CVSS 5.4
CVE-2017-1248
MEDIUM
IBM Rational Quality Manager 5.0-5.0.1 and 6.0-6.0.5 - HTML Injection
CVSS 5.4
CVE-2017-1242
MEDIUM
IBM Rational Quality Manager 5.0.x and 6.0-6.0.5 - HTML Injection
CVSS 5.4
CVE-2017-7465
CRITICAL
JBoss Enterprise Application Platform - Remote Code Execution via XSLT Processing
CVSS 9.0