CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,550 vulnerabilities with CWE-94
CVE-2007-2521
e-gads < 2.2.6 - Remote Code Execution via Locale Parameter
CVE-2007-2458
Pixaria Gallery - Remote File Inclusion via cfg[sys][base_path] Parameter
CVE-2007-2428
ahhp-portal - Remote Code Execution via page.php fp or sc Parameter
CVE-2007-2340
phporacleview - Remote Code Execution via page_dir or inc_dir Parameter
CVE-2007-2319
AutoStand < 1.1 - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2007-2260
bibtex mase beta 2.0 - Remote Code Execution via bibtexrootrel Parameter
CVE-2007-2262
Sinato jmuffin - Remote Code Execution via relPath or folder Parameter
CVE-2007-2199
CJG EXPLORER PRO 3.3 - Remote Code Execution via g_pcltar_lib_dir Parameter
CVE-2007-2185
Supasite 1.23b - Remote Code Execution via supa[db_path] or supa[include_path] Parameter
CVE-2007-2144
JoomlaPack 1.0.4a2 RE - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2007-2084
MobilePublisherphp 1.1.2 - Remote Code Execution via Auth Method Parameter
CVE-2007-2091
tsdisplay4xoops 0.1 - Remote Code Execution via xoops_url Parameter
CVE-2007-2070
SunShop Shopping Cart < 3.5.1 - Remote Code Execution via abs_path Parameter
CVE-2007-2005
Taskhopper Component for Joomla! and Mambo - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2007-1996
CodeBreak < 1.1.2 - Remote Code Execution via process_method Parameter
CVE-2007-1843
MapLab 2.2.1 - Remote Code Execution via gmapfactory/params.php gszAppPath Parameter
CVE-2007-1790
Kaqoo Auction Software Free Edition - Remote Code Execution via install_root Parameter
CVE-2007-1643
LAN Management System < 1.8.9 - Remote Code Execution via PHP File Inclusion
CVE-2007-1581
PHP 5.0.0-5.2.13 and 5.3.0-5.3.2 - Remote Code Execution via Hash Update File Resource Manipulation
CVE-2007-1472
Groupit 2.00b5 - Remote Code Execution via Global Variable Overwrite
CVE-2007-1483
WebCalendar 0.9.45 - Remote Code Execution via includedir Parameter
CVE-2007-1446
Danny HO Oes - Code Injection
CVE-2007-1415
PMB Services < 3.0.13 - Remote Code Execution via Multiple PHP File Inclusion Parameters
CVE-2007-0994
Mozilla Firefox <2.0.0.2 & SeaMonkey <1.1.1 - XSS
CVE-2007-1247
aWebNews 1.5 - Remote Code Execution via path_to_news Parameter