CWE-95

Medium likelihood

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Parent: CWE-94 - Improper Control of Generation of Code ('Code Injection')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

126 vulnerabilities with CWE-95
CVE-2011-10033 CRITICAL
WordPress Plugin <=1.4.2 - Code Injection
Details
Vulnerabilities 126
Exploit Likelihood Medium
Links
MITRE CWE Entry Search this CWE With Exploits