Vulnerabilities > Improper Control of Generation of Code ('Code Injection')

DATE CVE VULNERABILITY TITLE RISK
2022-02-16 CVE-2022-24665 Code Injection vulnerability in PHP Everywhere Project PHP Everywhere
PHP Everywhere <= 2.0.3 included functionality that allowed execution of PHP Code Snippets via a WordPress gutenberg block by any user able to edit posts.
network
low complexity
php-everywhere-project CWE-94
8.8
8.8
2022-02-11 CVE-2021-46362 Code Injection vulnerability in Magnolia-Cms Magnolia CMS
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.
network
low complexity
magnolia-cms CWE-94
critical
 9.8
9.8
2022-02-04 CVE-2022-23614 Code Injection vulnerability in multiple products
Twig is an open source template language for PHP.
network
low complexity
symfony fedoraproject debian CWE-94
critical
 9.8
9.8
2022-02-04 CVE-2021-44978 Code Injection vulnerability in Idreamsoft Icms
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.
network
low complexity
idreamsoft CWE-94
critical
 9.8
9.8
2022-01-26 CVE-2022-21686 Code Injection vulnerability in Prestashop
PrestaShop is an Open Source e-commerce platform.
network
low complexity
prestashop CWE-94
critical
 9.8
9.8
2022-01-26 CVE-2021-46114 Code Injection vulnerability in Jpress 4.2.0
jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKit#doSendEmail.
network
low complexity
jpress CWE-94
8.8
8.8
2022-01-26 CVE-2021-46118 Code Injection vulnerability in Jpress 4.2.0
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail.
network
low complexity
jpress CWE-94
7.2
7.2
2022-01-26 CVE-2021-46117 Code Injection vulnerability in Jpress 4.2.0
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail.
network
low complexity
jpress CWE-94
7.2
7.2
2022-01-25 CVE-2021-45029 Code Injection vulnerability in Apache Shenyu 2.4.0/2.4.1
Groovy Code Injection & SpEL Injection which lead to Remote Code Execution.
network
low complexity
apache CWE-94
critical
 9.8
9.8
2022-01-21 CVE-2022-0323 Code Injection vulnerability in Mustache Project Mustache
Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1.
network
low complexity
mustache-project CWE-94
8.8
8.8