Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-21 | CVE-2018-7271 | Code Injection vulnerability in Metinfo 6.0.0 An issue was discovered in MetInfo 6.0.0. | 8.1 |
| 2018-02-19 | CVE-2017-16670 | Code Injection vulnerability in Smartbear Soapui 5.3.0 The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file. | 7.8 |
| 2018-02-12 | CVE-2018-6889 | Code Injection vulnerability in Typesettercms Typesetter 5.1 An issue was discovered in Typesetter 5.1. | 8.8 |
| 2018-02-07 | CVE-2018-6574 | Code Injection vulnerability in multiple products Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow "go get" remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked. | 7.8 |
| 2018-01-09 | CVE-2018-2363 | Code Injection vulnerability in SAP products SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.52, contains code that allows you to execute arbitrary program code of the user's choice. | 8.8 |
| 2018-01-05 | CVE-2017-16905 | Code Injection vulnerability in Duolingo Tinycards The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack. | 8.1 |
| 2018-01-03 | CVE-2017-1000480 | Code Injection vulnerability in Smarty Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name. | 9.8 |
| 2018-01-02 | CVE-2017-17098 | Code Injection vulnerability in Gps-Server GPS Tracking Software The writeLog function in fn_common.php in gps-server.net GPS Tracking Software (self hosted) through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by <?php system($_GET[cmd]); ?> in a login request. | 9.8 |
| 2017-12-18 | CVE-2017-17649 | Code Injection vulnerability in Readymade Video Sharing Script Project Readymade Video Sharing Script 3.2 Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter. | 6.1 |
| 2017-12-12 | CVE-2017-16682 | Code Injection vulnerability in SAP products SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of the application. | 7.2 |