CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,536 vulnerabilities with CWE-94
CVE-2017-5543 CRITICAL
Subrion 4.0.5 - PHP Object Injection via Salt Cookie
CVSS 9.8
CVE-2016-15044 CRITICAL
Kaltura Video Platform < 11.1.0-2 - Unauthenticated Remote Code Execution via Unsafe Deserialization in keditorservices
CVE-2016-11064 CRITICAL
Mattermost Desktop App < 3.4.0 - Remote Code Execution via String Injection
CVSS 9.8
CVE-2016-9651 HIGH
Google Chrome < 55.0.2883.75 - Remote Code Execution via V8 JS Object Property Check Bypass
CVSS 8.8
CVE-2016-5402 HIGH
Red Hat CloudForms - Authenticated Remote Code Execution via Capacity and Utilization Control File Processing
CVSS 8.8
CVE-2016-4397 HIGH
HP Network Node Manager i <10.20 - RCE
CVSS 7.8
CVE-2016-4391 CRITICAL
HP ArcSight WINC Connector <7.3.0 - RCE
CVSS 9.8
CVE-2016-10548 MEDIUM
reduce-css-calc <=1.2.4 - Arbitrary Code Execution via Crafted CSS Input
CVSS 6.1
CVE-2016-10546 CRITICAL
PouchDB < 6.0.4 - Remote Code Execution via Map/Reduce Functions
CVSS 9.8
CVE-2016-10541 CRITICAL
shell-quote < 1.6.1 - OS Command Injection via Redirection Operator Escape Bypass
CVSS 9.8
CVE-2016-5713 CRITICAL
Puppet Agent <1.6.0 - Code Injection
CVSS 9.8
CVE-2016-4895 HIGH
Setucocms - Code Injection
CVSS 8.8
CVE-2016-5072 HIGH
OXID eShop < 2016-06-13 - Remote Code Execution via oxuser Class
CVSS 8.8
CVE-2016-1602 HIGH
SUSE Linux Enterprise - Code Injection
CVSS 7.8
CVE-2016-8020 HIGH
Intel Security VirusScan Enterprise Linux <2.0.3 - Code Injection
CVSS 8.0
CVE-2016-8354 HIGH
Schneider Electric Unity PRO < V11.1 - Code Injection
CVSS 7.0
CVE-2016-5727 HIGH
Simple Machines Forum <2.1 - Code Injection
CVSS 8.8
CVE-2016-5726 CRITICAL
Simple Machines Forum <2.1 - Code Injection
CVSS 9.8
CVE-2016-6175 CRITICAL
php-gettext <1.0.12 - Code Injection
CVSS 9.8
CVE-2016-7102 HIGH
owncloud_desktop_client < 2.2.2 - Local Code Execution via Trojan Library in Special Path
CVSS 8.4
CVE-2016-2242 CRITICAL
Exponent CMS 2.x < 2.3.7 Patch 3 - Remote Code Execution via install/index.php sc Parameter
CVSS 9.8
CVE-2016-10157 CRITICAL
Akamai NetSession 1.9.3.1 - Code Injection
CVSS 9.8
CVE-2016-10072 MEDIUM
WampServer 3.0.6 - Privilege Escalation
CVSS 5.3
CVE-2016-7968 MEDIUM
KMail < 5.3.0 - Remote Code Execution via JavaScript in HTML Email
CVSS 6.5
CVE-2016-7967 HIGH
KMail < 5.3.0 - Improper Access Control via QWebEngine JavaScript Execution
CVSS 8.1