CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,550 vulnerabilities with CWE-94
CVE-2007-5784: CaupoShop Pro < 2.1 - Remote Code Execution via Index.php Action Parameter
CVE-2007-5785: JobSite Professional 2.0 - SQL Injection via id Parameter
CVE-2007-5786: GoSamba 1.0.1 - Remote Code Execution via PHP File Inclusion in include_path Parameter
CVE-2007-5754: phpFaber URLInn 2.0.5 - Remote Code Execution via dir_ws Parameter
CVE-2007-5733: Japanese PHP Gallery Hosting - Unauthenticated Arbitrary File Upload via ServerPath Parameter
CVE-2007-5737: Korean GHBoard - Unrestricted File Upload via upload.jsp
CVE-2007-5720: ProfileCMS 1.0 - Unauthenticated Arbitrary PHP File Upload
CVE-2007-5721: MySpace Resource Script 1.21 - Remote Code Execution via rootBase Parameter
CVE-2007-5705: Jeebles Directory 2.9.60 - Authenticated PHP Code Execution in Settings Component
CVE-2007-5697: PHP Image 1.2 - Remote Code Execution via xarg Parameter
CVE-2007-5693: SiteBar 3.3.8 - Authenticated PHP Code Injection via Translation Module
CVE-2007-5696: phpBasic - Remote Code Execution via includes.php root Parameter
CVE-2007-5676: PHP-Nuke Platinum 7.6.b.5 - Remote Code Execution via nuke_bb_root_path Parameter
CVE-2007-5641: PHP Project Management < 0.8.10 - Remote Code Execution via Full Path Parameter
CVE-2007-5631: PeopleAggregator 1.2pre6 - Remote Code Execution via current_blockmodule_path Parameter
CVE-2007-5627: SocketMail 2.2.8 - Remote Code Execution via __SOCKETMAIL_ROOT Parameter
CVE-2007-5628: The Online Web Library Site (TOWels) 0.1 - Remote Code Execution via pageHeaderFile Parameter
CVE-2007-5592: awzMB 4.2 beta 1 - Remote Code Execution via Setting[OPT_includepath] Parameter
CVE-2007-5593: Drupal 5.x < 5.3 - Remote Code Execution via install.php Database Unreachable Vector
CVE-2007-5599: awrate 1.0 - Remote Code Execution via toroot Parameter
CVE-2007-5600: Artmedic CMS < 3.4 - Remote Code Execution via Page Parameter URL Scheme Bypass
CVE-2007-5565 (CRITICAL, CVSS 9.8): phpSCMS 0.0.1-Alpha1 - Remote File Inclusion via dir Parameter
CVE-2007-5566: PHPBlog 0.1 Alpha - Remote Code Execution via blog_localpath Parameter
CVE-2007-5567: Galmeta Post 0.11 - Remote Code Execution via DDS Parameter
CVE-2007-5573: LimeSurvey < 1.5.2 - Remote Code Execution via rootdir Parameter