Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-01 | CVE-2020-23219 | Code Injection vulnerability in Monstra CMS 3.0.4 Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module. | 8.8 |
| 2021-06-28 | CVE-2021-35514 | Code Injection vulnerability in Narou Project Narou Narou (aka Narou.rb) before 3.8.0 allows Ruby Code Injection via the title name or author name of a novel. | 9.8 |
| 2021-06-24 | CVE-2020-21784 | Code Injection vulnerability in PHPwcms 1.9.13 phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php. | 9.8 |
| 2021-06-16 | CVE-2020-22201 | Code Injection vulnerability in PHPcms 2008 phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php. | 8.8 |
| 2021-06-03 | CVE-2021-22336 | Code Injection vulnerability in Huawei Emui and Magic UI There is an Improper Control of Generation of Code vulnerability in Huawei Smartphone. | 7.5 |
| 2021-06-01 | CVE-2021-32924 | Code Injection vulnerability in Invisioncommunity IPS Community Suite Invision Community (aka IPS Community Suite) before 4.6.0 allows eval-based PHP code injection by a moderator because the IPS\cms\modules\front\pages\_builder::previewBlock method interacts unsafely with the IPS\_Theme::runProcessFunction method. | 8.8 |
| 2021-05-29 | CVE-2021-30461 | Code Injection vulnerability in Voipmonitor A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. | 9.8 |
| 2021-05-24 | CVE-2020-28905 | Code Injection vulnerability in Nagios Fusion Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to execute remote code via table pagination. | 8.8 |
| 2021-05-21 | CVE-2021-27811 | Code Injection vulnerability in Qibosoft 1.0 A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. | 7.2 |
| 2021-05-14 | CVE-2021-32817 | Code Injection vulnerability in Express Handlebars Project Express Handlebars express-hbs is an Express handlebars template engine. | 6.8 |