CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,549 vulnerabilities with CWE-94
CVE-2008-2645: Brim 1.0.1 - Remote Code Execution via Template Renderer Parameter
CVE-2008-2649: DesktopOnNet 3 Beta - Remote Code Execution via app_path Parameter
CVE-2008-2638: 1-script 1-book < 1.0.1 - Remote Code Execution via Guestbook Message Parameter
CVE-2008-1770: Akamai Download Manager <2.2.3.6 - CRLF Injection
CVE-2008-1035: Apple iCal 3.0.1 - Use-After-Free via Malformed CalDAV ATTACH Line
CVE-2008-2520: BigACE 2.4 - Remote Code Execution via PHP File Inclusion
CVE-2008-2478: cPanel < 11.8.6 and < 11.23.1 - Authenticated Remote Code Execution via Email Address Field
CVE-2008-2480: plusphp_short_url_multi-user_script 1.6 - Remote Code Execution via _pages_dir Parameter
CVE-2008-2481: phpraider 1.0.7 and 1.0.7a - Remote Code Execution via pConfig_auth[phpbb_path] Parameter
CVE-2008-2497: Mambo < 4.6.4 - HTTP Response Splitting via CRLF Injection
CVE-2008-2390: HP Software Update - Remote Code Execution via Hpufunction.dll Execute Methods
CVE-2008-2396: microSSys CMS < 1.5 - Remote Code Execution via PAGES Array Parameter
CVE-2008-2341: News Manager 2.0 - Remote Code Execution via ch_readalso.php read_xml_include Parameter
CVE-2008-2345: air_filemanager < 0.6.0 - Remote Code Execution via Insufficient File Filtering
CVE-2008-2284: Fusebox 5.5.1 - Remote Code Execution via FUSEBOX_APPLICATION_PATH Parameter
CVE-2008-2296: rgboard 3.0.12 - Remote Code Execution via site_path Parameter
CVE-2008-2270: PHPWAY Kostenloses Linkmanagementscript - Remote File Inclusion via main_page_directory or page_to_include Parameter
CVE-2008-2275: sr_feuser_register_extension <=2.5.9 - Remote Code Execution & Arbitrary File Deletion
CVE-2008-2220: Interact Learning Community Environment 2.4.1 - Remote Code Execution via CONFIG Parameter Manipulation
CVE-2008-2224: SazCart 1.5.1 - Remote Code Execution via PHP File Inclusion
CVE-2008-2228: Cyberfolio 7.12 - Remote Code Execution via rep Parameter
CVE-2008-2192: Itcms - Code Injection
CVE-2008-2193: ScorpNews 2.0 - Remote Code Execution via example.php site Parameter
CVE-2008-2195: deluxebb < 1.1 - Authenticated PHP Code Injection via admincp.php URI
CVE-2008-2198: Kmita Tellfriend < 2.0 - Remote Code Execution via htmlcode.php file Parameter