Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | SEVERITY | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2023-11-15 | CVE-2023-47444 | Code Injection vulnerability in Opencart | An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege to write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server. | network | low complexity | opencart | CWE-94 | | 8.8 |
| 2023-11-09 | CVE-2023-5539 | Code Injection vulnerability in multiple products | A remote code execution risk was identified in the Lesson activity. | network | low complexity | moodle, fedoraproject | CWE-94 | | 8.8 |
| 2023-11-09 | CVE-2023-5540 | Code Injection vulnerability in multiple products | A remote code execution risk was identified in the IMSCP activity. | network | low complexity | moodle, fedoraproject | CWE-94 | | 8.8 |
| 2023-11-08 | CVE-2023-45849 | Code Injection vulnerability in Perforce Helix Core | An arbitrary code execution vulnerability that results in privilege escalation was discovered in Helix Core versions prior to 2023.2. | network | low complexity | perforce | CWE-94 | critical | 9.8 |
| 2023-11-08 | CVE-2023-47397 | Code Injection vulnerability in Webidsupport Webid | WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php. | network | low complexity | webidsupport | CWE-94 | critical | 9.8 |
| 2023-11-07 | CVE-2023-46845 | Code Injection vulnerability in Ec-Cube | EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. | network | low complexity | ec-cube | CWE-94 | | 7.2 |
| 2023-11-06 | CVE-2023-46731 | Code Injection vulnerability in Xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | network | low complexity | xwiki | CWE-94 | critical | 9.8 |
| 2023-11-03 | CVE-2023-46947 | Code Injection vulnerability in Intelliants Subrion 4.2.1 | Subrion 4.2.1 has a remote command execution vulnerability in the backend. | network | low complexity | intelliants | CWE-94 | | 8.8 |
| 2023-10-31 | CVE-2023-40050 | Code Injection vulnerability in Chef Automate | Uploading a profile, through either the API or the user interface, in Chef Automate prior to and including version 4.10.29 using the InSpec check command with a maliciously crafted profile allows remote code execution. | network | low complexity | chef | CWE-94 | | 8.8 |
| 2023-10-31 | CVE-2023-42658 | Code Injection vulnerability in Chef Inspec 5.0.0 | The archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allows local command execution via a maliciously crafted profile. | local | low complexity | chef | CWE-94 | | 7.8 |