Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-06 | CVE-2020-21652 | Code Injection vulnerability in Myucms Project Myucms 2.2 Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method. | 9.8 |
| 2021-10-04 | CVE-2021-40323 | Code Injection vulnerability in Cobbler Project Cobbler Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection. | 9.8 |
| 2021-09-28 | CVE-2020-20124 | Code Injection vulnerability in Wuzhicms Wuzhi CMS 4.1.0 Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability in \attachment\admin\index.php. | 8.8 |
| 2021-09-22 | CVE-2021-3583 | Code Injection vulnerability in Redhat Ansible Automation Platform and Ansible Tower A flaw was found in Ansible, where a user's controller is vulnerable to template injection. | 7.1 |
| 2021-09-20 | CVE-2021-39402 | Code Injection vulnerability in Maianmedia Maianaffiliate 1.0 MaianAffiliate v.1.0 is suffers from code injection by adding a new product via the admin panel. | 7.2 |
| 2021-09-16 | CVE-2021-39128 | Code Injection vulnerability in Atlassian Jira Data Center and Jira Server Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-side template injection vulnerability in the Email Template feature. | 7.2 |
| 2021-09-15 | CVE-2021-33693 | Code Injection vulnerability in SAP Cloud Connector 2.0 SAP Cloud Connector, version - 2.0, allows an authenticated administrator to modify a configuration file to inject malicious codes that could potentially lead to OS command execution. | 6.8 |
| 2021-09-10 | CVE-2021-40373 | Code Injection vulnerability in Playsms playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the #tabs-information-page of core_main_config, and then executing that code via the index.php?app=main&inc=core_welcome URI. | 9.8 |
| 2021-09-07 | CVE-2021-39503 | Code Injection vulnerability in PHPmywind 5.6 PHPMyWind 5.6 is vulnerable to Remote Code Execution. | 7.2 |
| 2021-09-01 | CVE-2021-39115 | Code Injection vulnerability in Atlassian Jira Service Desk Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands via a Server_Side Template Injection vulnerability in the Email Template feature. | 7.2 |