Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-01 | CVE-2022-25018 | Code Injection vulnerability in Pluxml 5.8.7 Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages. | 8.8 |
| 2022-02-25 | CVE-2022-24442 | Code Injection vulnerability in Jetbrains Youtrack JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates. | 9.8 |
| 2022-02-25 | CVE-2021-22395 | Code Injection vulnerability in Huawei Emui, Harmonyos and Magic UI There is a code injection vulnerability in smartphones. | 7.5 |
| 2022-02-24 | CVE-2022-23810 | Code Injection vulnerability in Appleple A-Blog CMS Template injection (Improper Neutralization of Special Elements Used in a Template Engine) vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to obtain an arbitrary file on the server via unspecified vectors. | 6.5 |
| 2022-02-21 | CVE-2022-24295 | Code Injection vulnerability in Okta Advanced Server Access Client for Windows Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL. | 8.8 |
| 2022-02-18 | CVE-2021-46063 | Code Injection vulnerability in Mingsoft Mcms 5.2.5 MCMS v5.2.5 was discovered to contain a Server Side Template Injection (SSTI) vulnerability via the Template Management module. | 9.1 |
| 2022-02-16 | CVE-2022-24663 | Code Injection vulnerability in PHP Everywhere Project PHP Everywhere PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress shortcodes, which can be used by any authenticated user. | 8.8 |
| 2022-02-16 | CVE-2022-24664 | Code Injection vulnerability in PHP Everywhere Project PHP Everywhere PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via WordPress metaboxes, which could be used by any user able to edit posts. | 8.8 |
| 2022-02-16 | CVE-2022-24665 | Code Injection vulnerability in PHP Everywhere Project PHP Everywhere PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts. | 8.8 |
| 2022-02-11 | CVE-2021-46362 | Code Injection vulnerability in Magnolia-Cms Magnolia CMS A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter. | 9.8 |