CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,541 vulnerabilities with CWE-94
CVE-2013-2267 HIGH
FUDforum 3.0.4 - Remote Code Execution via PHP Code Injection
CVSS 7.2
CVE-2013-1666 CRITICAL
Foswiki < 1.1.8 - Code Injection via MAKETEXT Macro
CVSS 9.8
CVE-2013-7468 HIGH
Simple Machines Forum 2.0.4 - Code Injection
CVSS 8.1
CVE-2013-6399
QEMU < 1.7.2 - Remote Code Execution via Crafted SaveVM Image
CVE-2013-4537
QEMU < 1.7.2 - Remote Code Execution via Crafted arglen in savevm Image
CVE-2013-4151
QEMU 1.x - Remote Code Execution via Crafted Savevm Image
CVE-2013-1436
xmonad-contrib < 0.11.2 - Remote Code Execution via Web Page Title
CVE-2013-4444
Apache Tomcat < 7.0.40 - Remote Code Execution via JSP File Upload
CVE-2013-7394
Splunk < 5.0.5 - Authenticated Remote Code Execution via runshellscript echo.sh
CVE-2013-6309
IBM Marketing Platform 9.1 - Authenticated Session Hijacking via Link Injection
CVE-2013-5352
Sharetronix < 3.1.1 - Remote Code Execution via Preg Replace E Modifier
CVE-2013-1756
Dragonfly gem 0.7-0.8.5 and 0.9.x < 0.9.13 - Remote Code Execution
CVE-2013-0204
owncloud_server 4.5.x - Authenticated PHP Code Execution via Mount Point Settings
CVE-2013-1412
DataLife Engine 9.7 - Remote Code Execution via catlist[] Parameter
CVE-2013-1397
Symfony 2.0.x < 2.0.22, 2.1.x < 2.1.7, 2.2.x - Remote Code Execution via Yaml::parse or Yaml\Parser::parse
CVE-2013-1348
Symfony Yaml 2.0.0-2.0.21 - Remote Code Execution via Yaml::parse
CVE-2013-5036
Square Squash - Remote Code Execution via YAML in Namespace or Sourcemap Parameter
CVE-2013-0724
WP ecommerce Shop Styling <1.8 - RCE
CVE-2013-4321
TYPO3 6.0.0-6.0.8 and 6.1.0-6.1.3 - Authenticated Remote Code Execution via File Extension in FAL Renaming
CVE-2013-4581
GitLab < 6.2.3 - Remote Code Execution via SSH
CVE-2013-0210
Foreman < 1.2.0 - Remote Code Execution via Smart Proxy Puppet Run API
CVE-2013-0171
Foreman < 1.0 - Remote Code Execution via YAML Object in Fact or Report Import API
CVE-2013-7034
LiveZilla < 5.1.2.1 - Remote Code Execution via Serialized PHP Object in Cookie
CVE-2013-7284
Perl PlRPC <0.2021 - RCE
CVE-2013-6469
JBoss Overlord Run Time Governance 1.0 - Authenticated Remote Code Execution via MVFLEX Expression Language Injection