CWE-94

Exploit likelihood: Medium

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,506 vulnerabilities with CWE-94
CVE-2024-13199 LOW
Langhsu Mblog Blog System 3.5.0 - XSS
CVSS 3.5
CVE-2024-13197 LOW
donglight bookstore 1.0.0 - Cross-Site Scripting in AdminUserController updateUser Function
CVSS 3.5
CVE-2024-13196 LOW
donglight bookstore 1.0.0 - Cross-Site Scripting via BookSearchList Keywords Parameter
CVSS 3.5
CVE-2024-13192 LOW
ZeroWdd myblog 1.0 - Cross-Site Scripting in BlogController Update Function
CVSS 3.5
CVE-2024-13187 MEDIUM
Kingsoft WPS Office 6.14.0 - Code Injection
CVSS 5.3
CVE-2024-11635 CRITICAL
WordPress File Upload <4.24.12 - RCE
CVSS 9.8
CVE-2024-8002 MEDIUM
VIWIS LMS 9.11 - Cross-Site Scripting via File Upload Filename
CVSS 4.3
CVE-2024-11613 CRITICAL
WordPress File Upload <4.24.15 - RCE
CVSS 9.8
CVE-2024-56448 MEDIUM
Home Screen Widget - Info Disclosure
CVSS 6.7
CVE-2024-50660 CRITICAL
AdPortal 3.0.39 - Remote Code Execution via File Upload Bypass
CVSS 9.8
CVE-2024-50658 CRITICAL
AdPortal 3.0.39 - Server-Side Template Injection via updateuserinfo.html Parameters
CVSS 9.8
CVE-2024-56278 CRITICAL
Smackcoders WP Ultimate Exporter <2.9.1 - Code Injection
CVSS 9.1
CVE-2024-12471 HIGH
Dezgo AI Text & Image Generator <1.3.1 - RCE
CVSS 8.8
CVE-2024-12252 CRITICAL
SEO LAT Auto Post <= 2.2.1 - Unauthenticated File Overwrite and Remote Code Execution via remote_update AJAX Action
CVSS 9.8
CVE-2024-12419 MEDIUM
Contact Form 7 Style WordPress Plugin - CF7 WOW Styler <= 1.7.0 - Unauthenticated Arbitrary Shortcode Execution
CVSS 6.5
CVE-2024-55529 CRITICAL
Z-BlogPHP 1.7.3 - Remote Code Execution via Theme Template File
CVSS 9.8
CVE-2024-13143 LOW
ZeroWdd studentmanager 1.0 - Cross-Site Scripting via PermissionController submitAddPermission URL Parameter
CVSS 2.4
CVE-2024-13142 LOW
ZeroWdd studentmanager 1.0 - Cross-Site Scripting in RoleController submitAddRole Function
CVSS 2.4
CVE-2024-13141 LOW
osuuu LightPicture <= 1.2.2 - Stored Cross-Site Scripting via SVG File Upload Handler
CVSS 3.5
CVE-2024-13140 LOW
emlog 2.4.0-2.4.3 - Cross-Site Scripting via Cover Upload Handler
CVSS 3.5
CVE-2024-13137 LOW
wangl1989 mysiteforme 1.0 - Cross-Site Scripting in SiteController RestResponse
CVSS 2.4
CVE-2024-13135 LOW
Emlog Pro 2.4.3 - Cross-Site Scripting in Subpage Handler
CVSS 3.5
CVE-2024-13132 LOW
emlog 2.4.0-2.4.3 - Cross-Site Scripting in Subpage Handler
CVSS 3.5
CVE-2024-11733 HIGH
WordPress Popular Posts <7.1.0 - RCE
CVSS 7.3
CVE-2024-43767 HIGH
Android - Remote Code Execution via SkBlurMaskFilterImpl Heap Overflow
CVSS 8.8