CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,536 vulnerabilities with CWE-94
CVE-2017-15806 HIGH
Zeta Components Mail < 1.8.2 - Remote Code Execution via Crafted Email Address in Return Path
CVSS 8.1
CVE-2017-16783 CRITICAL
CMS Made Simple 2.1.6 - Server-Side Template Injection via cntnt01detailtemplate Parameter
CVSS 9.8
CVE-2017-7411 HIGH
Tuleap < 9.6 - Remote Code Execution via User::getRecentElements() Unserialize
CVSS 8.8
CVE-2017-15935 HIGH
Artica Pandora FMS 7.0 - Authenticated Remote Code Execution via Manager Files Upload
CVSS 7.2
CVE-2017-15376 CRITICAL
Mobatek MobaXterm 10.4 - Unauthenticated Remote Code Execution via TELNET Service
CVSS 9.8
CVE-2017-14353 HIGH
HP UCMDB Foundation Software <10.33 - RCE
CVSS 8.8
CVE-2017-13676 HIGH
Norton Remove & Reinstall < 4.4.0.58 - DLL Preloading
CVSS 7.0
CVE-2017-14764 HIGH
GeniXCMS 1.1.4 - Authenticated PHP Code Execution via Module Upload
CVSS 8.8
CVE-2017-2809 HIGH
ansible-vault < 1.0.5 - Remote Code Execution via YAML Loading
CVSS 7.5
CVE-2017-8759 HIGH KEV
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 - Remote Code Execution
CVSS 7.8
CVE-2017-14146 HIGH
HelpDEZk 1.1.1 - Authenticated Remote Code Execution via PHP File Upload
CVSS 8.8
CVE-2017-3897 CRITICAL
McAfee Live Safe <16.0.3, MSS+ <3.11.599.3 - Code Injection
CVSS 9.8
CVE-2017-0899 CRITICAL
RubyGems < 2.6.13 - Terminal Escape Sequence Injection via Gem Specification
CVSS 9.8
CVE-2017-1440 HIGH
IBM Emptoris Services Procurement 10.0.0.5 - Remote Code Execution via Arbitrary File Inclusion
CVSS 8.8
CVE-2017-10844 HIGH
baserCMS < 3.0.14 and <= 4.0.5 - Remote Code Execution
CVSS 8.8
CVE-2017-10835 HIGH
Dokodemo eye Smart HD SCR02HD Firmware <= 1.0.3.1000 - Authenticated Code Injection
CVSS 8.8
CVE-2017-6782 MEDIUM
Cisco Prime Infrastructure 3.2(0.0) - Authenticated Stored XSS via Admin Web Interface
CVSS 5.4
CVE-2017-1469 HIGH
IBM InfoSphere Information Server 9.1, 11.3, 11.5 - Privilege Escalation via Arbitrary File Placement
CVSS 7.8
CVE-2017-3753 MEDIUM
Lenovo UEFI Firmware - Authenticated Code Injection via AMI BIOS
CVSS 6.8
CVE-2017-11760 HIGH
ProjeQtOr < 6.3.1 - Authenticated PHP Code Execution via Image Upload
CVSS 8.8
CVE-2017-11715 CRITICAL
MetInfo < 5.3.17 - Authenticated Remote Code Execution via .phtml File Upload
CVSS 9.8
CVE-2017-11675 HIGH
ZenCart 1.5.5e - Authenticated Remote Code Execution via Admin Name Array Parameter
CVSS 8.8
CVE-2017-11459 CRITICAL
SAP TREX 7.10 - Remote Code Execution via fdir Command
CVSS 9.8
CVE-2017-11585 CRITICAL
FineCMS 5.0.9 - Remote Code Execution via Template Cache Param Eval Injection
CVSS 9.8
CVE-2017-9822 HIGH KEV
DotNetNuke < 9.1.1 - Remote Code Execution via Cookie Deserialization
CVSS 8.8