CWE-94
Medium likelihoodImproper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
6,549 vulnerabilities with CWE-94
CVE-2008-3043
WEC Discussion Forum < 1.6.2 - Remote Code Execution via File Upload
CVE-2008-3022
PHPortal 1.2 Beta - Remote Code Execution via URL Parameter Injection
CVE-2008-3001
Drupal Aggregation Module 5.x - Remote Code Execution via Crafted Feed File Upload
CVE-2008-2977
Ourvideo CMS 9.5 - Remote Code Execution via include_connection Parameter
CVE-2008-2981
HomePH Design 2.10 RC2 - Remote Code Execution via Template Thumbnail Parameter
CVE-2008-2986
phpdmca 1.0.0 - Remote File Inclusion via ourlinux_root_path Parameter
CVE-2008-2990
com_facileforms - Remote Code Execution via ff_compath Parameter
CVE-2008-2905
Mambo < 4.6.4 - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2008-2912
Contenido CMS 4.8.4 - Remote Code Execution via Multiple PHP File Inclusion Parameters
CVE-2008-2884
rss_aggregator - Remote Code Execution via Path Parameter
CVE-2008-2885
Odars - Code Injection
CVE-2008-2886
Jamroom 3.3.0-3.3.5 - Remote Code Execution via jamroom[jm_dir] Parameter
CVE-2008-2888
MiGCMS 2.0.5 - Remote Code Execution via GLOBALS[application][app_root] Parameter
CVE-2008-2877
cmsWorks 2.2 RC4 - Remote Code Execution via mod_root Parameter
CVE-2008-2883
Jamroom 3.3.0-3.3.5 - Remote Code Execution via jamroom[jm_dir] Parameter
CVE-2008-2854
Orlando CMS 0.6 - Remote Code Execution via GLOBALS[preloc] Parameter
CVE-2008-2832
aspWebCalendar 2008 - Unauthenticated Arbitrary File Upload and Remote Code Execution via FILE1 Parameter
CVE-2008-2836
WebCalendar 1.0.4 - Remote Code Execution via send_reminders.php includedir Parameter
CVE-2008-2841
Microsoft Internet Explorer < 2.8.7b - Code Injection
CVE-2008-2769
phpraider 1.0.6-1.0.7 - Remote Code Execution via pConfig_auth[smf_path] Parameter
CVE-2008-2772
Drupal Magic Tabs Module 5.x - Remote Code Execution via URL Argument Injection
CVE-2008-2689
BrowserCRM 5.002.00 - Remote Code Execution via bcrm_pub_root Parameter
CVE-2008-2690
BrowserCRM 5.002.00 - Remote Code Execution via bcrm_pub_root Parameter
CVE-2008-2684
Black Ice Barcode SDK 5.01 - Remote Code Execution via BIDIB.BIDIBCtrl.1 ActiveX DownloadImageFileURL Method
CVE-2008-2230
reportbug 3.8 and 3.31 - Unauthenticated Remote Code Execution via Malicious Module File
Details
Vulnerabilities
6,549
Exploit Likelihood
Medium