Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-21 | CVE-2015-3638 | Code Injection vulnerability in PHPmybackuppro: phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, or by injecting PHP into a PHP configuration variable via a PHP variable variable. | 8.8 |
2017-07-18 | CVE-2017-11421 | Code Injection vulnerability in Gnome-Exe-Thumbnailer Project Gnome-Exe-Thumbnailer 0.9.4: gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection when generating thumbnails for MSI files, aka the "Bad Taste" issue. | 7.8 |
2017-07-17 | CVE-2015-0249 | Code Injection vulnerability in Apache Roller 5.1.0/5.1.1: The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka VTL). | 7.2 |
2017-07-12 | CVE-2017-11167 | Code Injection vulnerability in Finecms Project Finecms 2.1.0: FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by using a URL Manager "Add Site" action to enter this code after a ', sequence in a domain name, as demonstrated by the ',phpinfo() input value. | 9.8 |
2017-07-07 | CVE-2017-10968 | Code Injection vulnerability in Finecms Project Finecms: In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request. | 9.8 |
2017-06-27 | CVE-2017-9841 | Code Injection vulnerability in multiple products: Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI. | 9.8 |
2017-06-26 | CVE-2017-6325 | Code Injection vulnerability in Symantec Messaging Gateway: The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. | 6.6 |
2017-06-22 | CVE-2017-9807 | Code Injection vulnerability in Openwebif Project Openwebif: An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. | 9.8 |
2017-06-21 | CVE-2017-9774 | Code Injection vulnerability in Horde Image API: Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a crafted GET request. | 8.8 |
2017-06-21 | CVE-2017-9771 | Code Injection vulnerability in Websitebaker 2.10.0: install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter. | 9.8 |