Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-11 | CVE-2017-7691 | Code Injection vulnerability in SAP Trex A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). | 9.8 |
| 2017-04-10 | CVE-2017-7625 | Code Injection vulnerability in Fiyo CMS In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code. | 9.8 |
| 2017-04-10 | CVE-2016-5072 | Code Injection vulnerability in Oxidforge Oxid Eshop 4.9.8/5.2.8 OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. | 8.8 |
| 2017-04-07 | CVE-2017-7570 | Code Injection vulnerability in Pivotx 2.3.11 PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension. | 8.8 |
| 2017-04-06 | CVE-2017-4964 | Code Injection vulnerability in Cloudfoundry Bosh Azure CPI 22 Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director, aka a "CPI code injection vulnerability." | 8.8 |
| 2017-04-03 | CVE-2017-7402 | Code Injection vulnerability in Lucidcrew Pixie 1.04 Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg. | 9.8 |
| 2017-04-03 | CVE-2014-3927 | Code Injection vulnerability in Mrlg4PHP Project Mrlg4PHP mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to execute arbitrary shell code. | 9.8 |
| 2017-03-30 | CVE-2017-7324 | Code Injection vulnerability in Modx Revolution setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter. | 9.8 |
| 2017-03-30 | CVE-2017-7321 | Code Injection vulnerability in Modx Revolution setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI. | 9.8 |
| 2017-03-29 | CVE-2014-3582 | Code Injection vulnerability in Apache Ambari In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster. | 9.8 |