Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2018-04-02 CVE-2018-9175 Code Injection vulnerability in Dedecms 5.7
DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cache_up.php.
network
low complexity
dedecms CWE-94
critical
 9.8
9.8
2018-04-02 CVE-2018-9174 Code Injection vulnerability in Dedecms 5.7
sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the refiles array parameter, because the contents of modifytmp.inc are under an attacker's control.
network
low complexity
dedecms CWE-94
critical
 9.8
9.8
2018-03-28 CVE-2018-8823 Code Injection vulnerability in multiple products
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu (Horizontal+Vertical+Dropdown) Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter.
network
low complexity
responsive-mega-menu-pro-project prestashop CWE-94
critical
 9.8
9.8
2018-03-26 CVE-2014-2293 Code Injection vulnerability in Zikula Application Framework
Zikula Application Framework before 1.3.7 build 11 allows remote attackers to conduct PHP object injection attacks and delete arbitrary files or execute arbitrary PHP code via crafted serialized data in the (1) authentication_method_ser or (2) authentication_info_ser parameter to index.php, or (3) zikulaMobileTheme parameter to index.php.
network
low complexity
zikula CWE-94
critical
 9.8
9.8
2018-03-24 CVE-2018-8966 Code Injection vulnerability in Zzcms 8.2
An issue was discovered in zzcms 8.2.
network
low complexity
zzcms CWE-94
7.5
7.5
2018-03-23 CVE-2018-1207 Code Injection vulnerability in Dell EMC Idrac7 and EMC Idrac8
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code.
network
low complexity
dell CWE-94
critical
 9.8
9.8
2018-03-22 CVE-2017-1789 Code Injection vulnerability in IBM Tivoli Monitoring
IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an unauthenticated user to remotely execute code through unspecified methods.
network
low complexity
ibm CWE-94
critical
 9.8
9.8
2018-03-21 CVE-2018-8074 Code Injection vulnerability in Yiiframework YII
Yii 2.x before 2.0.15 allows remote attackers to inject unintended search conditions via a variant of the CVE-2018-7269 attack in conjunction with the Elasticsearch extension.
network
high complexity
yiiframework CWE-94
8.1
8.1
2018-03-21 CVE-2018-8073 Code Injection vulnerability in Yiiframework YII
Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA code via a variant of the CVE-2018-7269 attack in conjunction with the Redis extension.
network
low complexity
yiiframework CWE-94
critical
 9.8
9.8
2018-03-20 CVE-2011-3178 Code Injection vulnerability in Opensuse Open Build Service
In the web ui of the openbuildservice before 2.3.0 a code injection of the project rebuildtimes statistics could be used by authorized attackers to execute shellcode.
network
low complexity
opensuse CWE-94
8.8
8.8