CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,548 vulnerabilities with CWE-94
CVE-2009-3660
efront < 3.5.4 - Remote Code Execution via path Parameter
CVE-2009-3541
phpgenealogy 2.0 - Remote Code Execution via DataDirectory Parameter
CVE-2009-3518
IBM Installation Manager < 1.3.2 - Remote Code Execution via iim: URI Handler -vm Option
CVE-2009-3511
justVisual 1.2 - Remote Code Execution via fs_jVroot Parameter
CVE-2009-3492
Loggix Project <= 9.4.5 - Remote Code Execution via pathToIndex Parameter
CVE-2009-3478
FireFTP 1.0.5 - Authenticated Argument Injection via Filename with Double Quotes
CVE-2009-3426
MaxCMS 3.11.20b - Remote Code Execution via File Manager Special Parameter
CVE-2009-3424
MaxCMS 3.11.20b - Remote Code Execution via Multiple PHP File Inclusion Parameters
CVE-2009-3365
Aurora CMS 1.0.2 - Remote Code Execution via AURORA_MODULES_FOLDER Parameter
CVE-2009-3362
SZNews 2.7 - Remote Code Execution via printnews.php3 id Parameter
CVE-2009-3333
alibasta com_koesubmit - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2009-3331
DDL CMS 1.0 - Remote Code Execution via wwwRoot Parameter
CVE-2009-3324
ProdLer < 2.0 - Remote Code Execution via sPath Parameter
CVE-2009-3323
BAROSmini 0.32.595 - Remote Code Execution via PHP File Inclusion
CVE-2009-3317
OpenSiteAdmin 0.9.7 BETA - Remote Code Execution via Path Parameter
CVE-2009-3312
phppollscript < 1.3 - Remote Code Execution via include_class Parameter
CVE-2009-3307
FSphp 0.2.1 - Remote File Inclusion via FSPHP_LIB Parameter
CVE-2009-3306
ClearSite 4.50 - Remote Code Execution via cs_base_path Parameter
CVE-2009-3220
Tecnick Aiocp - Code Injection
CVE-2009-3188
phpSANE 0.5.0 - Remote Code Execution via File Save Parameter
CVE-2009-2811
Apple Mac OS X 10.5.8 - Remote Code Execution via .fileloc File
CVE-2009-2809
ImageIO in Mac OS X 10.4.11 and 10.5.8 - Remote Code Execution via PixarFilm Encoded TIFF Image
CVE-2009-3174
OBOphiX < 2.7.0 - Remote Code Execution via chemin_lib Parameter
CVE-2009-3079
Firefox < 3.0.14 and 3.5.x < 3.5.3 - Remote Code Execution via FeedWriter
CVE-2009-3077
Firefox < 3.0.14 and 3.5.x < 3.5.3 - Remote Code Execution via XUL Tree Columns Pointer Mismanagement