VYPR

CWE-94

Improper Control of Generation of Code ('Code Injection')

Base · Draft · Likelihood: Medium

Description

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-242 · CAPEC-35 · CAPEC-77

CVEs mapped to this weakness (4,701)

page 16 of 236
  • CVE-2018-5779 · Critical · Mar 14, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated…

  • CVE-2018-0007 · Critical · Jan 10, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    An unauthenticated network-based attacker able to send a maliciously crafted LLDP packet to the local segment, through a local segment broadcast, may be able to cause a Junos device to enter an improper boundary check condition allowing a memory corruption to occur, leading to a…

  • CVE-2017-1000480 · Critical · Jan 3, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.

  • CVE-2016-5713 · Critical · Dec 6, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.

  • CVE-2017-1000196 · Critical · Nov 17, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server.

  • CVE-2017-15376 · Critical · Oct 16, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23.

  • CVE-2015-8351 · Critical · Sep 11, 2017
    risk 0.64 · cvss 9.0 · epss 0.37

    PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE:…

  • CVE-2017-11715 · Critical · Jul 28, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php.

  • CVE-2017-11459 · Critical · Jul 25, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.

  • CVE-2017-11585 · Critical · Jul 24, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    dayrui FineCms 5.0.9 has remote PHP code execution via the param parameter in an action=cache request to libraries/Template.php, aka Eval Injection.

  • CVE-2017-11167 · Critical · Jul 12, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value.

  • CVE-2017-10968 · Critical · Jul 7, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request.

  • CVE-2017-9807 · Critical · Jun 22, 2017
    risk 0.64 · cvss 9.8 · epss 0.05

    An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute…

  • CVE-2017-9771 · Critical · Jun 21, 2017
    risk 0.64 · cvss 9.8 · epss 0.01

    install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.

  • CVE-2017-7691 · Critical · Apr 11, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.

  • CVE-2017-7625 · Critical · Apr 10, 2017
    risk 0.64 · cvss 9.8 · epss 0.03

    In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.

  • CVE-2014-3927 · Critical · Apr 3, 2017
    risk 0.64 · cvss 9.8 · epss 0.04

    mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code.

  • CVE-2017-7324 · Critical · Mar 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter.

  • CVE-2017-7321 · Critical · Mar 30, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI.

  • CVE-2014-3582 · Critical · Mar 29, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster.