CWE-94
Improper Control of Generation of Code ('Code Injection')
Description
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-242 (Code Injection) · CAPEC-35 (Leverage Executable Code in Non-Executable Files) · CAPEC-77 (Manipulating User-Controlled Variables)
CVEs mapped to this weakness (4,701)
Page 28 of 236

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-4662 | — | High | 0.58 | 8.8 | 0.01 | | May 23, 2024 | The Oxygen Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.8.2 via post metadata. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for lower privileged… |
| CVE-2023-6846 | — | High | 0.58 | 8.8 | 0.16 | | Feb 5, 2024 | The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute… |
| CVE-2023-34251 | — | Critical | 0.58 | 9.9 | 0.02 | | Jun 14, 2023 | Grav is a flat-file content management system. Versions prior to 1.7.42 are vulnerable to server side template injection. Remote code execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. Version 1.7.42 contains… |
| CVE-2023-2583 | — | Critical | 0.58 | 10.0 | 0.01 | | May 8, 2023 | Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3. |
| CVE-2023-1283 | — | Critical | 0.58 | 10.0 | 0.01 | | Mar 8, 2023 | Code Injection in GitHub repository builderio/qwik prior to 0.21.0. |
| CVE-2022-46742 | — | Critical | 0.58 | 10.0 | 0.01 | | Dec 7, 2022 | Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. |
| CVE-2022-25759 | — | Critical | 0.58 | 9.9 | 0.09 | | Jul 22, 2022 | The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload. |
| CVE-2021-41749 | — | Critical | 0.58 | 9.8 | 0.17 | | Jun 12, 2022 | In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution. |
| CVE-2021-22053 | — | High | 0.58 | 8.8 | 0.13 | | Nov 19, 2021 | Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at `/hystrix/monitor;[user-provided data]`, the… |
| CVE-2021-41269 | — | Critical | 0.58 | 10.0 | 0.04 | | Nov 15, 2021 | cron-utils is a Java library to define, parse, validate, migrate crons as well as get human readable descriptions for them. In affected versions a template injection was identified in cron-utils enabling attackers to inject arbitrary Java EL expressions, leading to… |
| CVE-2021-29472 | — | High | 0.58 | 8.8 | 0.05 | | Apr 27, 2021 | Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system.… |
| CVE-2014-5013 | — | High | 0.58 | 8.8 | 0.05 | | Jan 10, 2020 | DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383. |
| CVE-2019-14867 | — | High | 0.58 | 8.8 | 0.06 | | Nov 27, 2019 | A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker… |
| CVE-2019-10760 | — | Critical | 0.58 | 9.9 | 0.03 | | Oct 15, 2019 | safer-eval before 1.3.2 is vulnerable to Arbitrary Code Execution. A payload using constructor properties can escape the sandbox and execute arbitrary code. |
| CVE-2019-10431 | — | Critical | 0.58 | 9.9 | 0.03 | | Oct 1, 2019 | A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.64 and earlier related to the handling of default parameter expressions in constructors allowed attackers to execute arbitrary code in sandboxed scripts. |
| CVE-2019-14271 | — | Critical | 0.58 | 9.8 | 0.19 | | Jul 29, 2019 | In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. |
| CVE-2017-16544 | — | High | 0.58 | 8.8 | 0.06 | | Nov 20, 2017 | In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially… |
| CVE-2017-14353 | — | High | 0.58 | 8.8 | 0.05 | | Oct 5, 2017 | A remote code execution vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33, could be remotely exploited to allow code execution. |
| CVE-2017-0899 | — | Critical | 0.58 | 9.8 | 0.11 | | Aug 31, 2017 | RubyGems version 2.6.12 and earlier is vulnerable to maliciously crafted gem specifications that include terminal escape characters. Printing the gem specification would execute terminal escape sequences. |
| CVE-2017-7694 | — | High | 0.58 | 8.8 | 0.04 | | Apr 11, 2017 | Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor… |