CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,536 vulnerabilities with CWE-94
CVE-2015-9227 HIGH
AlegroCart 1.2.8 - Authenticated Remote Code Execution via File Path Parameter
CVSS 7.2
CVE-2015-8351 CRITICAL
Gwolle Guestbook < 1.5.3 - Authenticated Remote File Inclusion via abspath Parameter
CVSS 9.0
CVE-2015-3640 HIGH
phpMyBackupPro < 2.5 - Command Injection
CVSS 7.5
CVE-2015-3638 HIGH
phpMyBackupPro < 2.5 - Authenticated PHP Code Injection via Scheduled Backup Parameters
CVSS 8.8
CVE-2015-0249 HIGH
Apache Roller 5.1-5.1.1 - Authenticated Remote Code Execution via Velocity Template Injection
CVSS 7.2
CVE-2015-2252 HIGH
Huawei OceanStor UDS Firmware < V100R002C01SPC102 - Remote Code Execution via Crafted UDS Patch
CVSS 8.8
CVE-2015-6531 HIGH
Palo Alto Networks PAN-OS < 6.0 - Remote Code Execution via Firmware Image File
CVSS 7.8
CVE-2015-0855 CRITICAL
pitivi < 0.94 - Remote Code Execution via Shell Metacharacters in File Path
CVSS 9.8
CVE-2015-8771 CRITICAL
GOsa generate_smb_nt_hash - Remote Code Execution via Crafted Password
CVSS 9.8
CVE-2015-5721 CRITICAL
Malware Information Sharing Platform < 2.3.89 - PHP Object Injection via Serialized Data
CVSS 9.8
CVE-2015-5970 MEDIUM
Novell ZENworks < 11.4 - XPath Injection
CVSS 5.3
CVE-2015-8761 CRITICAL
Values module 7.x-1.x < 7.x-1.2 - Authenticated PHP Code Execution via ctools Import
CVSS 9.0
CVE-2015-5242
Red Hat Gluster Storage - Authenticated Remote Code Execution via Pickle Deserialization in Swift-on-File Metadata
CVE-2015-7905
Unitronics VisiLogic OPLC IDE < 9.8.02 - RCE
CVE-2015-6555
Symantec Endpoint Protection Manager < 12.1-RU6-MP3 - Remote Code Execution via Console Java Port
CVE-2015-7729
SAP HANA Developer Edition DB < 1.00.091.00.1418659308 - Code Injection
CVE-2015-5647
Cybozu Garoon < 4.0.3 - Authenticated RCE
CVE-2015-5646
Cybozu Garoon < 4.0.3 - Authenticated RCE
CVE-2015-5644
ICZ MATCHA SNS < 1.3.6 - Remote Code Execution via Database Misconfiguration
CVE-2015-5643
ICZ MATCHA INVOICE < 2.5.7 - Remote Code Execution via Database Misconfiguration
CVE-2015-5687
Anchor CMS 0.9.x - Remote Code Execution via Cookie Deserialization
CVE-2015-7381
refbase < 0.9.6 - Remote Code Execution via pathToMYSQL or databaseStructureFile Parameter
CVE-2015-5603
HipChat for JIRA < 6.30.0 - Code Injection
CVE-2015-5693
Symantec Web Gateway < 5.2.2 - Command Injection
CVE-2015-2308
Symfony 2.x < 2.3.27, 2.4.x-2.5.x < 2.5.11, 2.6.x < 2.6.6 - Remote Code Execution via HttpCache ESI Language Attribute