Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-11 | CVE-2017-7694 | Code Injection vulnerability in Getsymphony Symphony Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. | 8.8 |
| 2017-04-11 | CVE-2017-7691 | Code Injection vulnerability in SAP Trex A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). | 9.8 |
| 2017-04-10 | CVE-2017-7625 | Code Injection vulnerability in Fiyo CMS In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. | 9.8 |
| 2017-04-10 | CVE-2016-5072 | Code Injection vulnerability in Oxidforge Oxid Eshop 4.9.8/5.2.8 OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. | 8.8 |
| 2017-04-07 | CVE-2017-7570 | Code Injection vulnerability in Pivotx 2.3.11 PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension. | 8.8 |
| 2017-04-06 | CVE-2017-4964 | Code Injection vulnerability in Cloudfoundry Bosh Azure CPI 22 Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability." | 8.8 |
| 2017-04-03 | CVE-2017-7402 | Code Injection vulnerability in Lucidcrew Pixie 1.04 Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg. | 9.8 |
| 2017-04-03 | CVE-2014-3927 | Code Injection vulnerability in Mrlg4PHP Project Mrlg4PHP mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code. | 9.8 |
| 2017-03-30 | CVE-2017-7324 | Code Injection vulnerability in Modx Revolution setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter. | 9.8 |
| 2017-03-30 | CVE-2017-7321 | Code Injection vulnerability in Modx Revolution setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI. | 9.8 |