CWE-94
Improper Control of Generation of Code ('Code Injection')
Description
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-242 · CAPEC-35 · CAPEC-77
CVEs mapped to this weakness (4,701)
page 16 of 236| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-5779 | Cri | 0.64 | 9.8 | 0.03 | Mar 14, 2018 | A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated… | ||
| CVE-2018-0007 | Cri | 0.64 | 9.8 | 0.02 | Jan 10, 2018 | An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a… | ||
| CVE-2017-1000480 | — | Cri | 0.64 | 9.8 | 0.03 | Jan 3, 2018 | Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name. | |
| CVE-2016-5713 | Cri | 0.64 | 9.8 | 0.02 | Dec 6, 2017 | Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0. | ||
| CVE-2017-1000196 | Cri | 0.64 | 9.8 | 0.02 | Nov 17, 2017 | October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server. | ||
| CVE-2017-15376 | Cri | 0.64 | 9.8 | 0.04 | Oct 16, 2017 | The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23. | ||
| CVE-2015-8351 | Cri | 0.64 | 9.0 | 0.37 | Sep 11, 2017 | PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE:… | ||
| CVE-2017-11715 | Cri | 0.64 | 9.8 | 0.01 | Jul 28, 2017 | job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php. | ||
| CVE-2017-11459 | Cri | 0.64 | 9.8 | 0.02 | Jul 25, 2017 | SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592. | ||
| CVE-2017-11585 | Cri | 0.64 | 9.8 | 0.02 | Jul 24, 2017 | dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection. | ||
| CVE-2017-11167 | Cri | 0.64 | 9.8 | 0.02 | Jul 12, 2017 | FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value. | ||
| CVE-2017-10968 | Cri | 0.64 | 9.8 | 0.02 | Jul 7, 2017 | In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request. | ||
| CVE-2017-9807 | Cri | 0.64 | 9.8 | 0.05 | Jun 22, 2017 | An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute… | ||
| CVE-2017-9771 | Cri | 0.64 | 9.8 | 0.01 | Jun 21, 2017 | install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter. | ||
| CVE-2017-7691 | Cri | 0.64 | 9.8 | 0.02 | Apr 11, 2017 | A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592. | ||
| CVE-2017-7625 | Cri | 0.64 | 9.8 | 0.03 | Apr 10, 2017 | In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. | ||
| CVE-2014-3927 | Cri | 0.64 | 9.8 | 0.04 | Apr 3, 2017 | mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code. | ||
| CVE-2017-7324 | Cri | 0.64 | 9.8 | 0.02 | Mar 30, 2017 | setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter. | ||
| CVE-2017-7321 | Cri | 0.64 | 9.8 | 0.02 | Mar 30, 2017 | setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI. | ||
| CVE-2014-3582 | Cri | 0.64 | 9.8 | 0.02 | Mar 29, 2017 | In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. |
- risk 0.64cvss 9.8epss 0.03
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated…
- risk 0.64cvss 9.8epss 0.02
An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a…
- risk 0.64cvss 9.8epss 0.03
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
- risk 0.64cvss 9.8epss 0.02
Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.
- risk 0.64cvss 9.8epss 0.02
October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server.
- risk 0.64cvss 9.8epss 0.04
The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23.
- risk 0.64cvss 9.0epss 0.37
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE:…
- risk 0.64cvss 9.8epss 0.01
job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php.
- risk 0.64cvss 9.8epss 0.02
SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.
- risk 0.64cvss 9.8epss 0.02
dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection.
- risk 0.64cvss 9.8epss 0.02
FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value.
- risk 0.64cvss 9.8epss 0.02
In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request.
- risk 0.64cvss 9.8epss 0.05
An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute…
- risk 0.64cvss 9.8epss 0.01
install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.
- risk 0.64cvss 9.8epss 0.02
A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.
- risk 0.64cvss 9.8epss 0.03
In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.
- risk 0.64cvss 9.8epss 0.04
mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code.
- risk 0.64cvss 9.8epss 0.02
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter.
- risk 0.64cvss 9.8epss 0.02
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.
- risk 0.64cvss 9.8epss 0.02
In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster.