CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,536 vulnerabilities with CWE-94
CVE-2017-11421 HIGH
gnome-exe-thumbnailer < 0.9.4 - VBScript Injection via MSI Filename
CVSS 7.8
CVE-2017-11167 CRITICAL
FineCMS 2.1.0 - Remote Code Execution via URL Manager Domain Name Injection
CVSS 9.8
CVE-2017-10968 CRITICAL
FineCMS through 2017-07-07 - Remote Code Execution via Template Controller
CVSS 9.8
CVE-2017-9841 CRITICAL KEV
PHPUnit < 4.8.28 and 5.x < 5.6.3 - Remote Code Execution via HTTP POST Data
CVSS 9.8
CVE-2017-6325 MEDIUM
Symantec Messaging Gateway < 10.6.3 - Remote Code Execution via File Inclusion
CVSS 6.6
CVE-2017-9807 CRITICAL
openwebif < 1.2.4 - Unauthenticated Remote Code Execution via saveConfig API
CVSS 9.8
CVE-2017-9774 HIGH
Horde_Image < 2.5.0 - Authenticated Remote Code Execution
CVSS 8.8
CVE-2017-9771 CRITICAL
WebsiteBaker 2.10.0 - Remote Code Execution via Database Configuration Parameters
CVSS 9.8
CVE-2017-9442 HIGH
BigTree CMS < 4.2.18 - Authenticated RCE
CVSS 8.8
CVE-2017-8402 HIGH
PivotX 2.3.11 - Authenticated PHP Code Execution via .htaccess File Upload
CVSS 8.8
CVE-2017-7494 CRITICAL KEV
Samba is_known_pipename() Arbitrary Module Load
CVSS 9.8
CVE-2017-8912 HIGH
CMS Made Simple 2.1.6 - Authenticated PHP Code Execution via Edit User Tag
CVSS 7.2
CVE-2017-7911 HIGH
CyberVision Kaa IoT Platform 0.7.4 - Remote Code Execution via Insufficient Encapsulation
CVSS 8.8
CVE-2017-8284 HIGH
QEMU < 2.8.1.1 - Local Privilege Escalation via TCG Mode Instruction Size Overflow
CVSS 7.0
CVE-2017-7694 HIGH
Symphony CMS < 2.6.11 - Authenticated RCE
CVSS 8.8
CVE-2017-7691 CRITICAL
SAP TREX - Code Injection
CVSS 9.8
CVE-2017-7625 CRITICAL
Fiyo CMS 2.x-2.0.7 - Unauthenticated Remote Code Execution via Content Parameter
CVSS 9.8
CVE-2017-7570 HIGH
PivotX 2.3.11 - Authenticated Remote Code Execution via File Extension Manipulation
CVSS 8.8
CVE-2017-4964 HIGH
Cloud Foundry Foundation BOSH Azure CPI v22 - Code Injection
CVSS 8.8
CVE-2017-7402 CRITICAL
Pixie 1.0.4 - Authenticated Remote Code Execution via Double Extension File Upload
CVSS 9.8
CVE-2017-7324 CRITICAL
MODX Revolution < 2.5.4 - Remote Code Execution via core_path Parameter
CVSS 9.8
CVE-2017-7321 CRITICAL
MODX Revolution < 2.5.4 - Remote Code Execution via Setup Welcome Controller
CVSS 9.8
CVE-2017-6455 HIGH
NTP < 4.2.8p10 and 4.3.x < 4.3.94 - Local Privilege Escalation via PPSAPI DLL Injection
CVSS 7.0
CVE-2017-6186 MEDIUM
Bitdefender Antivirus Plus, Internet Security, Total Security < 12.0 - Local Code Injection
CVSS 6.7
CVE-2017-2968 CRITICAL
Adobe Campaign <= 16.4 Build 8724 - Code Injection
CVSS 9.1