Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-04-18 | CVE-2023-25550 | Code Injection vulnerability in Schneider-Electric Struxureware Data Center Expert. A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is entered. Affected products: StruxureWare Data Center Expert (V7.9.2 and prior) | 9.8 |
2023-04-17 | CVE-2023-2017 | Code Injection vulnerability in Shopware. Server-side Template Injection (SSTI) in Shopware 6 (<= v6.4.20.0, v6.5.0.0-rc1 <= v6.5.0.0-rc4), affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in `Shopware\Core\Framework\Adapter\Twig\SecurityExtension` and call any arbitrary PHP function and thus execute arbitrary code/commands via usage of fully-qualified names, supplied as array of strings, when referencing callables. | 8.8 |
2023-04-16 | CVE-2023-29509 | Code Injection vulnerability in Xwiki. XWiki Commons are technical libraries common to several other top level XWiki projects. | 8.8 |
2023-04-16 | CVE-2023-30537 | Code Injection vulnerability in Xwiki. XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
2023-04-16 | CVE-2023-29211 | Code Injection vulnerability in Xwiki. XWiki Commons are technical libraries common to several other top level XWiki projects. | 8.8 |
2023-04-16 | CVE-2023-29212 | Code Injection vulnerability in Xwiki. XWiki Commons are technical libraries common to several other top level XWiki projects. | 8.8 |
2023-04-16 | CVE-2023-29214 | Code Injection vulnerability in Xwiki. XWiki Commons are technical libraries common to several other top level XWiki projects. | 8.8 |
2023-04-15 | CVE-2020-29007 | Code Injection vulnerability in Mediawiki Score 0.3.0. The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. | 9.8 |
2023-04-15 | CVE-2023-29209 | Code Injection vulnerability in Xwiki. XWiki Commons are technical libraries common to several other top level XWiki projects. | 8.8 |
2023-04-15 | CVE-2023-29210 | Code Injection vulnerability in Xwiki. XWiki Commons are technical libraries common to several other top level XWiki projects. | 8.8 |