CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,556 vulnerabilities with CWE-94
CVE-2003-1385
Invision Power Board 1.1.1 - Remote Code Execution via root_path Parameter
CVE-2003-1406
D-Forum 1.00-1.11 - Remote Code Execution via my_header or my_footer Parameter
CVE-2003-1410
Cedric Email Reader 0.2-0.3 - Remote Code Execution via cer_skin Parameter
CVE-2003-1411
Cedric Email Reader 0.4 - Remote Code Execution via emailreader_ini Parameter
CVE-2003-1412
GONiCUS System Administrator 1.0 - Remote Code Execution via Plugin Parameter
CVE-2003-1432
Unreal Engine 226f-436 - Denial of Service and Possible Remote Code Execution via Negative Size Value
CVE-2003-1436
Nukebrowser 2.1-2.5 - Remote Code Execution via filhead Parameter
CVE-2003-1459
ttCMS 2.2 and ttForum - Remote Code Execution via Template or InstallDir Parameter
CVE-2003-1491
Kerio Personal Firewall 2.1.4 - Unauthenticated Firewall Bypass via DNS Source Port
CVE-2003-1500
cpCommerce 0.5f - Remote Code Execution via _functions.php Prefix Parameter
CVE-2003-0498
Caché Database 5.x - Privilege Escalation
CVE-2003-0395
Ultimate PHP Board 1.9 - Remote Code Execution via User-Agent Header
CVE-2002-1750
CGISCRIPT.NET csGuestbook 1.0 - Remote Code Execution via Setup Parameter
CVE-2002-1752
CGIScript.net csChat-R-Box - Remote Code Execution via Setup Parameter
CVE-2002-1753
CGIScript.net csNews Professional - Remote Code Execution via setup Parameter
CVE-2002-1991
osCommerce 2.1 - Remote Code Execution via Include File Parameter
CVE-2002-2019
osCommerce 2.1 - Remote Code Execution via include_file Parameter
CVE-2002-2249
News Evolution 2.0 - Remote Code Execution via neurl Parameter
CVE-2002-2287
phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 - Remote Code Execution via phpbb_root_path Parameter
CVE-2002-2297
Thatware 0.5.2 and 0.5.3 - Remote Code Execution via artlist.php root_path Parameter
CVE-2002-2298
thatware 0.3-0.5.3 - Remote Code Execution via config.php root_path Parameter
CVE-2002-2299
thatware 0.3-0.5.2 - Remote Code Execution via root_path Parameter
CVE-2002-2319
MySimpleNews - Remote Code Execution via users.php Parameter Injection
CVE-2002-0495
csSearch Professional < 2.3 - Remote Code Execution via Setup Parameter
CVE-2001-0307
Bajie HTTP JServer < 0.80 - Remote Code Execution via Shell Metacharacters in CGI Request
Details
Vulnerabilities 6,556
Exploit Likelihood Medium