CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,552 vulnerabilities with CWE-94
CVE-2007-0501
mafia_scum_tools < 2.0.0 - Remote Code Execution via Gen Parameter
CVE-2007-0486
phpadsnew 2.0.7 - Remote Code Execution via PHP File Inclusion
CVE-2007-0230
CS-Cart 1.3.3 - Remote Code Execution via install.php install_dir Parameter
CVE-2007-0134
iGeneric iG Shop 1.0 - Remote Code Execution via Action Parameter
CVE-2007-0127
Opera < 9.10 - Remote Code Execution via SVG Transform Matrix Object Type Confusion
CVE-2006-1318
Microsoft Office - Remote Code Execution via Malformed Control in Document
CVE-2006-7237
ixprim 2.0 - Remote Code Execution via Theme_Manager.class.php File Inclusion
CVE-2006-3456
Symantec Norton AntiVirus, Internet Security, and System Works - Remote Code Execution via NAVOPTS.DLL ActiveX Control
CVE-2006-7181
Morcego CMS < 0.9.6 - Remote Code Execution via PHP File Inclusion
CVE-2006-7146
Leicestershire communityPortals < 1.0 - Remote Code Execution via cp_root_path Parameter
CVE-2006-7147
phpBB Import Tools Mod 0.1.4 - Remote Code Execution via phpbb_root_path Parameter
CVE-2006-7127
JAF CMS 4.0 and 4.0 RC2 - Remote Code Execution via main_dir Parameter
CVE-2006-7130
Jinzora < 2.1 - Remote Code Execution via Include Path Parameter
CVE-2006-7100
phpBB Insert User < 0.1.2 - Remote Code Execution via phpbb_root_path Parameter
CVE-2006-7102
phpburningportal_quiz-modul < 1.0.1 - Remote Code Execution via lang_path Parameter
CVE-2006-7104
MOStlyCE - Remote Code Execution via mosConfig_absolute_path Parameter
CVE-2006-7105 CRITICAL (CVSS 9.8)
Smarty 2.6.9 - Remote Code Execution via Filename Parameter
CVE-2006-7106
powerphlogger < 2.0.9 - Remote Code Execution via rel_path Parameter
CVE-2006-7090
phpbb_security < 1.0.1 - Remote Code Execution via php_root_path Parameter
CVE-2006-7046
Clan Manager Pro 1.1.0 - Remote Code Execution via rootpath Parameter
CVE-2006-7021
Plume CMS 1.1.3 - Remote Code Execution via _PX_config[manager_path] Parameter
CVE-2006-6975 CRITICAL (CVSS 9.8)
CentiPaid 1.4.3 - Remote Code Execution via class_pwd Parameter
CVE-2006-6976
CentiPaid < 1.4.2 - Remote Code Execution via absolute_path Parameter
CVE-2006-6957
Docebo < 3.0.3 - Remote Code Execution via GLOBALS[where_framework] Parameter
CVE-2006-6958
phpBlueDragon 2.9.1 - Remote Code Execution via vsDragonRootPath Parameter