Vulnerabilities > Improper Control of Generation of Code ('Code Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-15 | CVE-2020-8149 | Code Injection vulnerability in Logkitty Project Logkitty. Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1. | 9.8 |
2020-05-12 | CVE-2020-11057 | Code Injection vulnerability in Xwiki. In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. | 8.8 |
2020-05-12 | CVE-2020-6262 | Code Injection vulnerability in SAP Application Server. Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. | 8.8 |
2020-05-12 | CVE-2020-6243 | Code Injection vulnerability in SAP Adaptive Server Enterprise 15.7/16.0. Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected servers, leading to Code Injection. | 8.8 |
2020-05-07 | CVE-2020-10176 | Code Injection vulnerability in Assaabloy Yale Wipc-301W Firmware 2.X.2.29/2.X.2.43. ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow Eval Injection of commands. | 9.8 |
2020-04-27 | CVE-2020-7609 | Code Injection vulnerability in Node-Rules Project Node-Rules 3.0.0/4.0.2. node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. | 9.8 |
2020-04-14 | CVE-2020-5739 | Code Injection vulnerability in Grandstream products. Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. | 8.8 |
2020-04-01 | CVE-2020-10948 | Code Injection vulnerability in Alienform2 Project Alienform2 2.0.2. Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. | 9.8 |
2020-04-01 | CVE-2019-9163 | Code Injection vulnerability in Marchnetworks Command Client 2.6.4/2.6.4.1. The connection initiation process in March Networks Command Client before 2.7.2 allows remote attackers to execute arbitrary code via crafted XAML objects. | 9.8 |
2020-03-25 | CVE-2020-5558 | Code Injection vulnerability in Cutephp Cutenews 2.0.1. CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors. | 8.8 |