Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2007-03-03 CVE-2006-7104 Code Injection vulnerability in Mambo Mostlyce 4.5.4
PHP remote file inclusion vulnerability in htmltemplate.php in the Chad Auld MOStlyContent Editor (MOStlyCE) as created on May 2006, a component for Mambo 4.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
network
low complexity
mambo CWE-94
7.5
2007-03-03 CVE-2006-7102 Code Injection vulnerability in Matthias Dietrich PHPburningportal Quiz-Modul
Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal quiz-modul 1.0.1, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the lang_path parameter to (1) quest_delete.php, (2) quest_edit.php, or (3) quest_news.php.
network
low complexity
matthias-dietrich CWE-94
7.5
2007-03-03 CVE-2006-7100 Code Injection vulnerability in PHPbb Insert User
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBB Insert User 0.1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
network
phpbb CWE-94
6.8
2007-03-03 CVE-2007-1253 Code Injection vulnerability in Blender 2.25/2.36/2.37A
Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script for Blender 0.1.9h, as used in (b) Blender before 2.43, allows user-assisted remote attackers to execute arbitrary Python code by importing a crafted (1) KML or (2) KMZ file.
network
blender CWE-94
critical
9.3
2007-03-03 CVE-2007-1247 Code Injection vulnerability in Aweb Labs Awebnews 1.5
Multiple PHP remote file inclusion vulnerabilities in aWeb Labs aWebNews 1.5 allow remote attackers to execute arbitrary PHP code via a URL in the path_to_news parameter to (1) listing.php or (2) visview.php.
network
aweb-labs CWE-94
6.8
2007-03-03 CVE-2007-1233 Code Injection vulnerability in Stwc-Counter
PHP remote file inclusion vulnerability in downloadcounter.php in STWC-Counter 3.4.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the stwc_counter_verzeichniss parameter.
network
low complexity
stwc-counter CWE-94
7.5
2007-03-02 CVE-2007-1165 Code Injection vulnerability in Dbscripts Dbguestbook 1.1
Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the dbs_base_path parameter to (1) utils.php, (2) guestbook.php, or (3) views.php in includes/.
network
low complexity
dbscripts CWE-94
7.5
2007-03-02 CVE-2007-1164 Code Injection vulnerability in Dbscripts Dbimagegallery 1.2.2
Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimg_base_path parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) db_utils.php, (6) images.php, (7) utils.php, or (8) values.php in includes/.
network
low complexity
dbscripts CWE-94
7.5
2007-03-02 CVE-2007-1153 Code Injection vulnerability in Cutephp Cutenews 1.3.6
Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to execute arbitrary PHP code via unspecified vectors.
network
low complexity
cutephp CWE-94
7.5
2007-03-02 CVE-2007-1148 Code Injection vulnerability in Lovecms 1.4
PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter.
network
low complexity
lovecms CWE-94
7.5