CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,550 vulnerabilities with CWE-94
CVE-2007-4815
Markus Iser ED Engine 0.8999 alpha - Remote Code Execution via Codebase Parameter
CVE-2007-4817
Restaurante Component for Joomla! - Unauthenticated Arbitrary PHP File Upload via Double Extension Bypass
CVE-2007-4818
Txx CMS 0.2 - Remote Code Execution via doc_root Parameter
CVE-2007-4806
Focus/SIS 1.0 - Remote Code Execution via FocusPath Parameter
CVE-2007-4807
Focus/SIS 2.2 - Remote Code Execution via Staticpath Parameter
CVE-2007-4809
Online Fantasy Football League 0.2.6 - Remote Code Execution via DOC_ROOT Parameter
CVE-2007-4782
PHP < 5.2.3 - Denial of Service via Long String in glob or fnmatch Function
CVE-2007-4763
PHP Object Framework < 20040226 - Remote Code Execution via PHPOF_INCLUDE_PATH Parameter
CVE-2007-4744
AnyInventory 1.9.1 and 2.0 - Remote File Inclusion via DIR_PREFIX Parameter
CVE-2007-4737
SpeedTech PHP Library 0.8.0 - Remote File Inclusion via STPHPLIB_DIR Parameter
CVE-2007-4738
SpeedTech PHP Library 0.8.0 - Remote File Inclusion via db_conf, ADODB_DIR, or STPHPLIB_DIR Parameter
CVE-2007-4712
enetman 1 - Remote Code Execution via Page Parameter
CVE-2007-4715
Weblogicnet - Remote File Inclusion via files_dir Parameter
CVE-2007-4720
Hitachi JP1/Cm2/Network Node Manager RCE (07-10-07-10-05, NNM Starter Edition Enterprise/250 08-00-08-10)
CVE-2007-4640
Pakupaku CMS < 0.4 - Unauthenticated Arbitrary File Upload via index.php Uploads Action
CVE-2007-4644
Doomsday < 1.9.0_beta5.1 - Remote Code Execution via Format String in PSV_CONSOLE_TEXT Message
CVE-2007-4645
NMDeluxe 2.0.0 - SQL Injection via id Parameter in newspost Action
CVE-2007-4646
Hexamail Server 3.0.0.001 Lite - Buffer Overflow
CVE-2007-4605
Virtual War < 1.5.0_r15 - Remote Code Execution via vwar_root Parameter
CVE-2007-4606
phpnuke-clan < 4.2.0 - Remote Code Execution via VWar Module vwar_root Parameter
CVE-2007-4608
ePersonnel RC_2004_02 - Code Injection
CVE-2007-4596
PHP perl Extension - safe_mode Bypass Code Execution
CVE-2007-4551
Agares Media Arcadem 2.01 - Remote Code Execution via Loadpage Parameter
CVE-2007-4525
SPIP 1.7.2 - Remote Code Execution via squelette_cache Parameter
CVE-2007-4458
PHP <includes/class/class_tpl.php - RCE