Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-09-17 CVE-2018-11781 Code Injection vulnerability in multiple products
Apache SpamAssassin 3.4.2 fixes a local user code injection in the meta rule syntax.
local
low complexity
apache redhat debian canonical CWE-94
7.8
7.8
2018-09-17 CVE-2018-11780 Code Injection vulnerability in multiple products
A potential Remote Code Execution bug exists with the PDFInfo plugin in Apache SpamAssassin before 3.4.2.
network
low complexity
apache pdfinfo-project debian canonical CWE-94
critical
 9.8
9.8
2018-09-17 CVE-2018-17134 Code Injection vulnerability in PHPmywind 5.5
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.
network
low complexity
phpmywind CWE-94
7.2
7.2
2018-09-17 CVE-2018-17133 Code Injection vulnerability in PHPmywind 5.5
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting.
network
low complexity
phpmywind CWE-94
7.2
7.2
2018-09-17 CVE-2018-17132 Code Injection vulnerability in PHPmywind 5.5
admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter.
network
low complexity
phpmywind CWE-94
7.2
7.2
2018-09-17 CVE-2018-17131 Code Injection vulnerability in PHPmywind 5.5
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field.
network
low complexity
phpmywind CWE-94
7.2
7.2
2018-09-17 CVE-2018-17126 Code Injection vulnerability in Chshcms Cscms 4.1
CScms 4.1 allows remote code execution, as demonstrated by 1');eval($_POST[cmd]);# in Web Name to upload\plugins\sys\Install.php.
network
low complexity
chshcms CWE-94
critical
 9.8
9.8
2018-09-14 CVE-2018-17036 Code Injection vulnerability in Ucms Project Ucms 1.4.6/1.6
An issue was discovered in UCMS 1.4.6 and 1.6.
network
low complexity
ucms-project CWE-94
critical
 9.8
9.8
2018-09-14 CVE-2018-17030 Code Injection vulnerability in Bigtreecms Bigtree CMS 4.2.23
BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php.
network
high complexity
bigtreecms CWE-94
7.5
7.5
2018-09-12 CVE-2018-16975 Code Injection vulnerability in Elefantcms Elefant
An issue was discovered in Elefant CMS before 2.0.7.
network
low complexity
elefantcms CWE-94
critical
 9.8
9.8