Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-07-12 | CVE-2017-11167 | Code Injection vulnerability in Finecms Project Finecms 2.1.0 | FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value. | network | low complexity | finecms-project | CWE-94 | critical 9.8 |
| 2017-07-07 | CVE-2017-10968 | Code Injection vulnerability in Finecms Project Finecms | In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request. | network | low complexity | finecms-project | CWE-94 | critical 9.8 |
| 2017-06-27 | CVE-2017-9841 | Code Injection vulnerability in multiple products | Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI. | network | low complexity | phpunit-project, oracle | CWE-94 | critical 9.8 |
| 2017-06-26 | CVE-2017-6325 | Code Injection vulnerability in Symantec Messaging Gateway | The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. | network | high complexity | symantec | CWE-94 | 6.6 |
| 2017-06-22 | CVE-2017-9807 | Code Injection vulnerability in Openwebif Project Openwebif | An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. | network | low complexity | openwebif-project | CWE-94 | critical 9.8 |
| 2017-06-21 | CVE-2017-9774 | Code Injection vulnerability in Horde Image API | Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. | network | low complexity | horde | CWE-94 | 8.8 |
| 2017-06-21 | CVE-2017-9771 | Code Injection vulnerability in Websitebaker 2.10.0 | install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter. | network | low complexity | websitebaker | CWE-94 | critical 9.8 |
| 2017-06-08 | CVE-2015-2252 | Code Injection vulnerability in Huawei Oceanstor UDS Firmware V100R002C01Spc101 | Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts. | network | low complexity | huawei | CWE-94 | 8.8 |
| 2017-06-05 | CVE-2017-9442 | Code Injection vulnerability in Bigtreecms Bigtree CMS | BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. | network | low complexity | bigtreecms | CWE-94 | 8.8 |
| 2017-06-01 | CVE-2015-6531 | Code Injection vulnerability in Paloaltonetworks Pan-Os | Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file. | local | low complexity | paloaltonetworks | CWE-94 | 7.8 |