VYPR

CWE-94

Improper Control of Generation of Code ('Code Injection')

BaseDraftLikelihood: Medium

Description

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-242 · CAPEC-35 · CAPEC-77

CVEs mapped to this weakness (4,701)

page 15 of 236
  • CVE-2018-6512CriJun 11, 2018
    risk 0.64cvss 9.8epss 0.02

    The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razor-server. Affected releases are Puppet Enterprise: 2018.1.x versions prior to 2018.1.1 and razor-server and pe-razor-server prior to 1.9.0.0.

  • CVE-2018-11228CriJun 8, 2018
    risk 0.64cvss 9.8epss 0.08

    Crestron TSW-1060, TSW-760, TSW-560, TSW-1060-NC, TSW-760-NC, and TSW-560-NC devices before 2.001.0037.001 allow unauthenticated remote code execution via a Bash shell service in Crestron Toolbox Protocol (CTP).

  • CVE-2017-16151CriJun 7, 2018
    risk 0.64cvss 9.8epss 0.03

    Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the…

  • CVE-2017-16020CriJun 4, 2018
    risk 0.64cvss 9.8epss 0.03

    Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name.

  • CVE-2016-10546CriMay 31, 2018
    risk 0.64cvss 9.8epss 0.03

    An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as…

  • CVE-2016-10541CriMay 31, 2018
    risk 0.64cvss 9.8epss 0.02

    The npm module "shell-quote" 1.6.0 and earlier cannot correctly escape ">" and "<" operator used for redirection in shell. Applications that depend on shell-quote may also be vulnerable. A malicious user could perform code injection.

  • CVE-2018-1260CriMay 11, 2018
    risk 0.64cvss 9.8epss 0.08

    Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to 2.2.2, 2.1 prior to 2.1.2, 2.0 prior to 2.0.15 and older unsupported versions contains a remote code execution vulnerability. A malicious user or attacker can craft an authorization request to the authorization…

  • CVE-2018-10740CriMay 4, 2018
    risk 0.64cvss 9.8epss 0.03

    Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file.

  • CVE-2018-8938CriMay 1, 2018
    risk 0.64cvss 9.8epss 0.02

    A Code Injection issue was discovered in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold before 2018 (18.0). Malicious actors can inject a specially crafted SNMP MIB file that could allow them to execute arbitrary commands and code on the WhatsUp Gold server.

  • CVE-2018-10429CriApr 26, 2018
    risk 0.64cvss 9.8epss 0.02

    Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php.

  • CVE-2018-10133CriApr 16, 2018
    risk 0.64cvss 9.8epss 0.01

    PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php.

  • CVE-2018-9848CriApr 7, 2018
    risk 0.64cvss 9.8epss 0.02

    In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to…

  • CVE-2018-9847CriApr 7, 2018
    risk 0.64cvss 9.8epss 0.02

    In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.

  • CVE-2018-9175CriApr 2, 2018
    risk 0.64cvss 9.8epss 0.02

    DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php.

  • CVE-2018-9174CriApr 2, 2018
    risk 0.64cvss 9.8epss 0.01

    sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control.

  • CVE-2014-2293CriMar 26, 2018
    risk 0.64cvss 9.8epss 0.05

    Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter…

  • CVE-2017-1789CriMar 22, 2018
    risk 0.64cvss 9.8epss 0.03

    IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods. IBM X-Force ID: 137034.

  • CVE-2018-8073CriMar 21, 2018
    risk 0.64cvss 9.8epss 0.02

    Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension.

  • CVE-2018-5781CriMar 14, 2018
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page.…

  • CVE-2018-5780CriMar 14, 2018
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page.…