CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,554 vulnerabilities with CWE-94
CVE-2006-3210
Ralf Image Gallery < 1.0 - Remote File Inclusion and Directory Traversal via dir_abs_src Parameter
CVE-2006-3172
Content*Builder 0.7.5 - Remote Code Execution via PHP File Inclusion
CVE-2006-3175
mcGuestbook 1.3 - Remote Code Execution via Lang Parameter File Inclusion
CVE-2006-3193
Grayscale BandSite CMS 1.1.1 - Remote Code Execution via root_path Parameter
CVE-2006-3136 CRITICAL
Nucleus CMS 3.23 - Remote Code Execution via DIR_LIBS Parameter Manipulation
CVSS 9.8
CVE-2006-3144
Implied By Design Micro CMS <3.5 - RCE
CVE-2006-3019
phpCMS 1.2.1pl2 - Remote Code Execution via PHPCMS_INCLUDEPATH Parameter
CVE-2006-1303
Microsoft Internet Explorer <6 SP1 - RCE
CVE-2006-2385
Microsoft IE - Code Injection
CVE-2006-2852
dotwidget_cms 1.0.6 - Remote Code Execution via file_path Parameter
CVE-2006-2860
Webspotblogging 3.0.1 - Remote Code Execution via Path Parameter in Multiple Scripts
CVE-2006-2779
Mozilla Firefox and Thunderbird - Remote Code Execution via Multiple DOM and XBL Mechanisms
CVE-2006-2780
Firefox and Thunderbird < 1.5.0.4 - Remote Code Execution via Integer Overflow in jsstr Tagify
CVE-2006-2767
Ottoman 1.1.2 - Remote Code Execution via Default Path Parameter
CVE-2006-2681
SocketMail Lite and Pro < 2.2.6 - Remote Code Execution via site_path Parameter
CVE-2006-2685
Basic Analysis and Security Engine <= 1.2.4 - Remote Code Execution via BASE_path Parameter
CVE-2006-2686
ActionApps 2.8.1 - Remote Code Execution via GLOBALS[AA_INC_PATH] Parameter
CVE-2006-2645
Plume CMS 1.0.3 - Remote Code Execution via _PX_config[manager_path] Parameter
CVE-2006-2548
perlpodder < 0.5 - Remote Code Execution via Podcast URL Shell Metacharacters
CVE-2006-2521
phpMyDirectory <= 10.4.4 - Remote Code Execution via ROOT_PATH Parameter
CVE-2006-2395
PopSoft Digital PopPhoto Studio <= 3.5.4 - Remote Code Execution via include_path Parameter
CVE-2006-2315
ISPConfig < 2.2.2 - Remote Code Execution via session.inc.php go_info Parameter
CVE-2006-2281
X-Scripts X-Poll 2.30 - Remote Code Execution via Image Upload
CVE-2006-2286
Dokeos < 1.6.3 and Community Release 2.0.3 - Remote Code Execution via PHP File Inclusion
CVE-2006-2245
phpbb-auction - Remote Code Execution via phpbb_root_path Parameter