CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,549 vulnerabilities with CWE-94
CVE-2008-0567
ChronoEngine ChronoForms 2.3.5 - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2008-0572
Mindmeld 1.2.0.10 - Remote Code Execution via MM_GLOBALS[home] Parameter
CVE-2008-0560
cforms - Remote Code Execution via tm Parameter
CVE-2008-0551
Sejoong Namo ActiveSquare - Remote Code Execution via NamoInstaller.NamoInstall.1 ActiveX Control
CVE-2008-0502
Connectix Boards < 0.8.2 - Remote Code Execution via Template Path Parameter
CVE-2008-0503
Netwerk Smart Publisher 1.0.1 - Remote Code Execution via filedata Parameter
CVE-2008-0516
SQLiteManager 1.2.0 - Remote Code Execution via spaw_root Parameter
CVE-2008-0442
Small Axe Weblog 0.3.1 - Remote Code Execution via ffile Parameter
CVE-2008-0448
phpSearch - Remote Code Execution via libcurlemuinc Parameter
CVE-2008-0450
BLOG:CMS 4.2.1.c - Remote Code Execution via DIR_PLUGINS and DIR_LIBS Parameter Injection
CVE-2008-0423
Lama Software - Remote Code Execution via MY_CONF[classRoot] Parameter
CVE-2008-0433
Agares phpAutoVideo < 2.21 - Remote Code Execution via Loadpage Parameter
CVE-2008-0390
AuraCMS 1.62 - Remote Code Execution via X-Forwarded-For Header
CVE-2008-0376
Small Axe Weblog 0.3.1 - Remote Code Execution via cfile Parameter
CVE-2008-0382
Mybulletinboard - Code Injection
CVE-2008-0302
apt-listchanges < 2.82 - Local Code Execution via Untrusted Search Path
CVE-2008-0287
VisionBurst vcart 3.3.2 - Remote Code Execution via abs_path Parameter
CVE-2008-0289
Member Area System < 1.7 - Remote Code Execution via view_func.php i Parameter
CVE-2008-0283
domphp < 0.81 - Remote Code Execution via Page Parameter
CVE-2008-0251
PhotoPost vBGallery < 2.4.1 - Unauthenticated Arbitrary File Upload
CVE-2008-0235
Microsoft VFP_OLE_Server ActiveX Control - Remote Code Execution via foxcommand Method
CVE-2008-0230
osDate 2.0.8 - Remote Code Execution via php121dir Parameter
CVE-2008-0222
Wp-FileManager 1.2 - Unauthenticated Arbitrary File Upload and Remote Code Execution via ajaxfilemanager.php
CVE-2008-0202
ExpressionEngine < 1.2.1 - CRLF Injection via URL Parameter
CVE-2008-0143
SAM Broadcaster samPHPweb - Remote Code Execution via commonpath Parameter
Details
Vulnerabilities 6,549
Exploit Likelihood Medium