CWE-94
Medium likelihoodImproper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,548 vulnerabilities with CWE-94
CVE-2008-7034
PHPEcho CMS 2.0 rc3 - Remote Code Execution via Smarty Template Compile Path Manipulation
CVE-2008-7005
Minb Is Not a Blog 0.1.0 - Remote Code Execution via quotes_to_edit Parameter
CVE-2008-7000
PHPAuction 3.2 - Remote Code Execution via Index.php Lan Parameter
CVE-2008-6983
devalcms 1.4a - Remote Code Execution via HTTP Referer Header
CVE-2008-6958
Crossday Discuz! Board 6.x-7.x - Authenticated PHP Code Execution via Credits Formula Parameter
CVE-2008-6956
mxCamArchive 2.2 - Authenticated PHP Code Injection via Description Parameter
CVE-2008-6937
Exodus 0.10 - Argument Injection via Encoded Spaces in xmpp:// URI
CVE-2008-6936
Exodus 0.10 - Argument Injection via Encoded Spaces in pres:// URI
CVE-2008-6935
Exodus 0.10 - Argument Injection via Encoded Spaces in im:// URI
CVE-2008-6934
Sanusart Free Simple Guestbook PHP Script - Remote Code Execution via Message Parameter
CVE-2008-6902
2532gigs 1.2.2 - Remote Code Execution via Unrestricted File Upload
CVE-2008-6900
AvailScript Article Script - Authenticated Remote Code Execution via Unrestricted File Upload in Add Pen Feature
CVE-2008-0020
Microsoft Video ActiveX - Memory Corruption
CVE-2008-6849
phpGreetCards 3.7 - Unauthenticated Remote Code Execution via File Upload
CVE-2008-6841
gmitc com_dbquery < 1.4.1.1 - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2008-6840
V-webmail 1.6.4 - Remote File Inclusion via CONFIG[pear_dir] or CONFIG[includes] Parameter
CVE-2008-6807
osprey 1.0a4.1 - Remote Code Execution via ListRecords.php xml_dir Parameter
CVE-2008-6785
Mini File Host 1.5 - Unauthenticated Arbitrary File Upload and Remote Code Execution via Executable File Extension
CVE-2008-6773
YourPlace <= 1.0.2 - Authenticated Static Code Injection via Internet Toolbar Parameters
CVE-2008-6761
Flexcustomer 0.0.6 - Remote Code Execution via Database Name Parameter
CVE-2008-6748
Megacubo 5.0.7 - Remote Code Execution via mega:// URI Play Action
CVE-2008-6740
HoMaP-CMS 0.1 - Remote Code Execution via _settings[pluginpath] Parameter
CVE-2008-6677
QuickerSite 1.8.5 - Remote Code Execution via Unrestricted File Upload
CVE-2008-6665
Ananta CMS 1.0b5 - Remote Code Execution via Email Parameter
CVE-2008-6651
OxYProject OxYBox 0.85 - Remote Code Injection via edithistory.php oxymsg Parameter
Details
Vulnerabilities
6,548
Exploit Likelihood
Medium